H.R.3299 — 113th Congress (2013-2014)

There is one version of the bill.

Introduced in House (10/16/2013)


113th CONGRESS
1st Session
H. R. 3299


To amend section 340A of the Public Health Service Act to protect the privacy of personally identifiable information in relation to enrollment activities of health insurance exchanges, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES

October 16, 2013

Mr. Ross introduced the following bill; which was referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.


A BILL

To amend section 340A of the Public Health Service Act to protect the privacy of personally identifiable information in relation to enrollment activities of health insurance exchanges, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Security Before Access Act of 2013”.

SEC. 2. Protecting the privacy of personally identifiable information in enrollment activities of health insurance exchanges.

(a) In general.—Section 340A(c) of the Public Health Service Act (42 U.S.C. 256a(c)) is amended by adding at the end the following new paragraph:

“(3) ENSURING PRIVACY OF PERSONALLY IDENTIFIABLE INFORMATION; LIABILITY; PENALTIES; CONSUMER OPT OUT.—

“(A) IN GENERAL.—The Secretary shall require each recipient of a grant under this section to implement procedures specified by the Secretary consistent with this paragraph in order to protect the privacy of personally identifiable information.

“(B) REQUIRED PROCEDURES.—The procedures specified by the Secretary under subparagraph (A) shall include at least the following:

“(i) PROHIBITION OF ACCESS WITHOUT EXPLICIT CONSENT.—No certified application counselor, health insurance navigator, or non-navigator assistance personnel shall have access to personally identifiable information relating to an individual without the express, witnessed, written consent of that individual.

“(ii) REQUIRING LICENSURE, BACKGROUND CHECKS.—No such individual shall have access to personally identifiable information unless the individual—

“(I) has undergone, within 60 days before commencing enrollment assistance for any consumer seeking coverage through health insurance exchanges, both a criminal background and fingerprint check and has a clean record free of criminal infractions; and

“(II) meets educational and licensure requirements that are identical or comparable to those currently applicable to health insurance agents and brokers within the State they seek to assist consumers with health insurance enrollment.

“(iii) REQUIREMENT FOR PRIOR CERTIFICATION OF SAFEGUARDS.—The recipient of the grant may not collect personally identifiable information for any reason until the Comptroller General of the United States, in agreement with the Inspector General of the Department of Health and Human Services, certifies to Congress that such Department, along with any other relevant Federal agencies involved with health insurance assistance or enrollment, or collection or verification of personally identifiable information, have implemented all appropriate and necessary actions to safeguard both such information and financial information of individuals seeking enrollment in a health plan through an Exchange and to protect such individuals from fraud and abuse.

“(C) LIABILITY.—Not later than 90 days after the date of the enactment of this paragraph, the Secretary—

“(i) shall issue guidance concerning how liability and penalties will be applied in instances of failure to comply with requirements of this paragraph, including where consumer outreach and enrollment assistance causes harm to an individual as a result of misuse or negligence in protection and privacy of personally identifiable information;

“(ii) shall determine whether such liability lies with the person (such as a navigator, certified application counselor, or non-navigator assistance personnel) having direct contact with the prospective enrollee in enrollment assistance-related actions or whether liability lies with the entity that received Federal or Exchange-generated funds to carry out consumer outreach activities; and

“(iii) shall determine whether the entities identified under clause (ii) are required to obtain professional liability coverage.

“(D) PENALTIES.—

“(i) CRIMINAL PENALTIES.—

“(I) Any individual or entity who, under this section, has possession of, or access to, personally identifiable information the disclosure of which is prohibited by this section (or section 552a of title 5, United States Code) or by rules or regulations established thereunder, and who knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or entity not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000.

“(II) A person who commits the offense described under subclause (I) with the intent to sell, transfer, or use personally identifiable information for commercial advantage, personal gain, or malicious harm shall be fined not more than $250,000, imprisoned for not more than 10 years, or both.

“(III) Any person who knowingly and willfully requests or obtains any personally identifiable information protected under this section concerning an individual under false pretenses shall be guilty of a felony and fined not more than $100,000, imprisoned for not more than 5 years, or both.

“(ii) POTENTIAL EXPOSURE TO TAX PENALTY.—Any navigator, certified application counselor, or non-navigator assistance personnel who engages in health plan enrollment consumer assistance activities under this section and who is exposed to consumer tax return information is potentially subject to criminal liability under section 7213(a) of the Internal Revenue Code of 1986 for any instances of unauthorized disclosure of such information.

“(iii) DISQUALIFICATION FROM FURTHER ASSISTANCE.—If the Secretary determines that any individual, including any navigator, certified application counselor, or non-navigator assistance personnel, has a criminal background or is otherwise in violation of this paragraph with respect to the requirements relating to disclosure and use of personally identifiable information, the Secretary shall permanently disqualify the individual from any further involvement in consumer assistance activities required under this section or the Patient Protection and Affordable Care Act and may disqualify and rescind the Federal and Exchange-generated funds from the entity which employs or contracts with such an individual.

“(E) CONSUMER OPT OUT FOR LACK OF PRIVACY PROTECTION.—Beginning on the date of health insurance exchange operations for both individuals and businesses, no individual consumer shall be made responsible for failure to meet a requirement under the Patient Protection and Affordable Care Act (including any amendments made by this Act) for obtaining qualified health insurance coverage through an Exchange unless the Secretary has demonstrated with reasonable certainty that effective and comprehensive protection of personally identifiable information, with respect to any health insurance enrollment activity electronic or otherwise, is in place prior to any consumer disclosure or transmission of personally identifiable information for health insurance enrollment purposes.

“(F) PERSONALLY IDENTIFIABLE INFORMATION DEFINED.—In this paragraph, the term ‘personally identifiable information’ includes Social Security numbers, bank account information, insurance records, health records, personal income data, and any other information deemed personally identifiable and sensitive in nature by the Federal Trade Commission, the Department of Justice, the Social Security Administration, the Consumer Financial Protection Bureau, the President’s Task Force on Identity Theft, and any other relevant Federal agency, which is disclosed or obtained in connection with any health insurance enrollment activity conducted under this section.”.

(b) Effective date.—The amendment made by subsection (a) shall take effect on the date of the enactment of this Act and shall apply to grants made before, on, or after the date of the enactment of this Act. The Secretary of Health and Human Services shall provide for the prompt modification of such grants made before the date of the enactment of this Act in order to comply with the requirement imposed by such amendment.