(a) No person shall disclose any nonpublic personal information contrary to the provisions of Title V of the Gramm-Leach-Bliley Act, Pub. L. 106-102 (1999).
(b) On or before July 1, 2001, the commissioner shall propose rules for legislative approval in accordance with article twenty, chapter twenty-nine-a of this code necessary to carry out the provisions of Title V of the Gramm-Leach-Bliley Act, Pub. L. 106-102 (1999) and this article.
(c) Medical records and medical billing records obtained by insurers in connection with insurance claims or civil litigation shall be confidentially maintained by insurers in accordance with state and federal law, including the provisions of Title 114, Series 57 of the Code of State Rules, and no additional restrictions or conditions may be imposed that contradict or are inconsistent with any applicable policy of insurance or the performance of insurance functions permitted or authorized by state and federal law. The Insurance Commissioner shall review the provisions of Title 114, Series 57 of the Code of State Rules and, to the extent determined necessary, shall propose new rules or modify existing rules by December 31, 2017 to address:
(1) The circumstances under which an insurance company may disclose medical records and medical billing records to other persons or entities;
(2) The circumstances under which personal identifying information of a person must be redacted before that person’s medical records or medical billing records may be disclosed to other persons or entities;
(3) The steps an insurance company is required to undertake before medical records or medical billing records are disclosed to other persons or entities to assure that any person or entity to which an insurance company is disclosing a person’s medical records or medical billing records will be using such records only for purposes permitted by law; and,
(4) The implementation of the requirement that the insurance company has processes or procedures in place to prevent the unauthorized access by its own employees to a person’s confidential medical records or medical billing records.
Notwithstanding the provisions of section one of this article:
(a) Each insurer that provides personal lines liability insurance coverage, as that term is defined in section nine, article twelve of this chapter, to pay all or a portion of a claim asserted against an insurance policy insuring a motor vehicle shall provide, within thirty days of its receipt of a written request from a claimant's attorney who has given written notice that he or she represents the claimant:
(1) A response providing the following information relating to each of the insurer's known policies of insurance, including excess or umbrella insurance, which does or may provide liability coverage for the claim:
(A) The name of the insurer;
(B) The name of each named insured of the subject policy; and
(C) The limits of any motor vehicle liability insurance policy at the time of the events that are the subject of the claim; or
(2) The declarations page of any motor vehicle liability policy applicable at the time of the events that are the subject of the claim, appropriately redacted to comply with applicable privacy laws or rules;
(b) Any written request by the claimant's attorney under this section must include:
(1) The date and location of the events that are the subject of the claim;
(2) The name and, if known, the last known address of the insured;
(3) A copy of the accident or incident report, if any;
(4) The insurer's claim number;
(5) A good-faith estimate and documentation of all of the claimant's medical expenses if any and any wage loss documentation as of the date of the request, if any; and
(6) Documentation as of the date of the request of any and all property damage.
(c) Disclosure of the information required by subsection (a) of this section is not an admission that the alleged injury or damage is subject to the policy, nor does the disclosure waive any reservation of rights an insurer may have.
(d) The information disclosed by any party pursuant to this section, by reason of the disclosure, is not admissible as evidence at trial.
(e) An insurer's compliance with this section does not constitute a violation of this article, or subsection (12), section four, article eleven of this chapter.
(f) An insurer that fails to comply with this section is subject to a penalty of $500, plus reasonable attorneys' fees and expenses incurred in obtaining disclosure of the information required by subsection (a) of this section. This penalty is the sole and exclusive remedy for an insurer's failure to comply with this section.