Skip to main content
Find a Lawyer

Pennsylvania Statutes Title 40 P.S. Insurance § 991.2131. Confidentiality

Current as of January 01, 2025 | Updated by Findlaw Staff

(a) An insurer or MA or CHIP managed care plan shall adopt and maintain procedures to ensure that all protected health information regarding covered person or enrollee health, diagnosis and treatment is adequately protected and remains confidential in compliance with all applicable Federal and State laws and regulations and professional ethical standards.

(b) To the extent an insurer or MA or CHIP managed care plan receives medical records relating to a covered person or enrollee, the insurer or MA or CHIP managed care plan shall adopt and maintain procedures to ensure that covered persons and enrollees have timely access to their medical records upon request of the covered person or enrollee, including medical records provided by a health care provider in the context of utilization review or a complaint, grievance or adverse benefit determination, unless prohibited by Federal or State law or regulation.

(c)(1) Information regarding a covered person's or enrollee's health or treatment shall be available to the covered person or enrollee, the covered person's or enrollee's authorized representative or as necessary to prevent death or serious injury.

(2) Nothing in this section shall:

(i) Prevent disclosure necessary to determine coverage, review complaints, grievances or adverse benefit determinations, conduct utilization review or facilitate payment of a claim.

(ii) Deny the department or the Department of Human Services access to records for purposes of quality assurance, investigation of complaints, grievances or adverse benefit determinations, enforcement or other activities related to compliance with this article and other laws of this Commonwealth. Records shall be accessible only to department employes or agents with direct responsibilities under the provisions of this subparagraph.

(iii) Deny access to information necessary for a utilization review entity to conduct a review under this article.

(iv) Deny access to the insurer or MA or CHIP managed care plan for internal quality review, including reviews conducted as part of the insurer's or MA or CHIP managed care plan's quality oversight process. During such reviews, covered persons and enrollees shall remain anonymous to the greatest extent possible.

(v) Deny access to insurers or MA or CHIP managed care plans, health care providers and their respective designees for the purpose of providing patient care management, outcomes improvement and research. For this purpose, covered persons and enrollees shall provide consent and shall remain anonymous to the greatest extent possible.

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Pennsylvania Statutes Title 40 P.S. Insurance § 991.2131. Confidentiality - last updated January 01, 2025 | https://codes.findlaw.com/pa/title-40-ps-insurance/pa-st-sect-40-991-2131/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard