Current through Reg. 49, No. 44; November 1, 2024
Section 19.1713 - Confidentiality(a) Confidentiality requirements. To ensure confidentiality, a URA must, when contacting a physician's, doctor's, or other health care provider's office, provide its certification number, name, and professional qualifications. (1) If requested by the physician, doctor, or other health care provider, the URA must present written documentation that it is acting as an agent of the payor for the relevant enrollee.(2) Medical records and enrollee specific information must be maintained by the URA in a secure area with access limited to essential personnel only.(3) A URA must retain information generated and obtained by a URA in the course of utilization review for at least four years.(4) A URA's charges for providing a copy of recorded personal information to individuals may not exceed 10 cents per page and may not include any costs that are otherwise recouped as part of the charge for utilization review.(b) Written procedures on confidentiality. (1) The URA must specify in writing the procedures that the URA will implement pertaining to confidentiality of information received from the enrollee; the individual acting on behalf of the enrollee; and the physician, doctor, or other health care provider and the information exchanged between the URA and third parties for conducting utilization review. These procedures must specify that: (A) specific information received from the enrollee; the individual acting on behalf of the enrollee; and the physician, doctor, or other health care provider and the information exchanged between the URA and third parties for conducting reviews will be considered confidential, be used by the review agent solely for utilization review, and be shared by the URA with only those third parties who have authority to receive the information, for example, the claim administrator; and(B) the URA has procedures in place to address confidentiality and that the URA agrees to abide by any federal and state laws governing confidentiality.(2) Summary data which does not provide sufficient information to allow identification of individual enrollees, physicians, doctors, or other health care providers is not considered confidential.28 Tex. Admin. Code § 19.1713
The provisions of this §19.1713 adopted to be effective February 20, 2013, 38 TexReg 892