NOTE: As provided in LFC policy, this report is intended for use by the standing finance committees of the legislature.  The Legislative Finance Committee does not assume responsibility for the accuracy of the information in this report when used in any other situation.



Only the most recent FIR version, excluding attachments, is available on the Intranet. Previously issued FIRs and attachments may be obtained from the LFC office in Suite 101 of the State Capitol Building North.





F I S C A L I M P A C T R E P O R T





SPONSOR: Leavell DATE TYPED: 03/04/01 HB
SHORT TITLE: Promulgate Privacy Rules SB 352/aSPAC
ANALYST: Wilson


APPROPRIATION



Appropriation Contained
Estimated Additional Impact
Recurring

or Non-Rec

Fund

Affected

FY01 FY02 FY01 FY02
NFI



(Parenthesis ( ) Indicate Expenditure Decreases)



SOURCES OF INFORMATION



Health Policy Commission (HPC)

Public Regulation Commission (PRC)

Retiree Health Care Authority (RHCA)



SUMMARY



     Synopsis of SPAC Amendment



The SPAC amendment has changed the requirement that rules promulgated by the Superintendent of Insurance under this bill must be at least as restrictive as the federal requirements. The rules must "meet" the applicable federal requirements.



Synopsis of Original Bill



The bill authorizes and directs the Superintendent of Insurance to promulgate rules to protect the privacy of insurance consumers' "nonpublic personal information," including personal health and financial information.



Significant Issues



The bill is prompted by the passage of the federal Gramm, Leach, Bliley Act, Public Law 106-102, which repealed the Glass-Steagal Act and permitted the combination of the banking, securities, and insurance industries under common ownership. Title V of Gramm, Leach, Bliley Act requires states to adopt insurance rules to "insure the security and confidentiality of customer records and information" and to "protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer."



Current state law authorizes privacy rules for managed care organizations such as HMOs, but does not extend to other health insurers and other types of insurers that might possess nonpublic personal information of its customers.



SB 352 extends the authority of the PRC to promulgate regulations beyond the federal legislation by establishing the Gramm, Leach, Bliley Act as the floor-not the ceiling.



ADMINISTRATIVE IMPLICATIONS



No new FTE required. Some oversight and enforcement will be required, but the PRC does not think that the burden will be significant.



OTHER SUBSTANTIVE ISSUES



The HPC has provided the following:





























DW/lrs:njw:prr:ar