6.6.7003    EXEMPTION BASED ON FEDERAL STANDARDS FOR PRIVACY AND SECURITY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION

(1) The obligations imposed under this subchapter do not apply to a licensee that is a covered entity under the provisions of federal regulations that are part of the Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) , 45 CFR, parts 160 and 164, standards for privacy of individually identifiable health information as to any use or disclosure of personal information that is covered under the HIPAA privacy regulations and the HIPAA security rule.

(2) If a licensee considers itself exempt from this subchapter for the reason provided in (1) , the licensee shall give written notice to the commissioner of that exemption and a brief statement describing why it is a HIPAA-covered entity.

(3) A licensee may claim an exemption only as to those lines of business that are subject to HIPAA privacy and security regulations. All other lines of business are subject to this subchapter.

(4) A third-party administrator that is a party to a valid business associate agreement required by HIPAA privacy regulations is exempt from the provisions of this subchapter, but only as to the scope of that particular agreement. Any activities of the third-party administrator that fall outside of the scope of that agreement are subject to the provisions of this subchapter.

History: 33-19-106, MCA; IMP, 33-19-105, MCA; NEW, 2005 MAR p. 426, Eff. 4/1/05.