Current through Reg. 49, No. 45; November 8, 2024
Section 19.2013 - Confidentiality(a) Confidentiality requirements. To ensure confidentiality, a URA must, when contacting a physician's, doctor's, or other health care provider's office, provide its certification number, name, and professional qualifications. (1) If requested by the physician, doctor, or other health care provider, the URA must present written documentation that it is acting as an agent of the insurance carrier for the relevant injured employee.(2) Medical records and injured employee specific information must be maintained by a URA in a secure area with access limited to essential personnel only.(3) A URA must retain information generated and obtained by the URA in the course of utilization review for at least four years.(4) A URA's charges for providing a copy of recorded personal information to individuals may not exceed 10 cents per page and may not include any costs that are otherwise recouped as part of the charge for utilization review.(b) Written procedures on confidentiality. (1) A URA must specify in writing the procedures the URA will implement pertaining to confidentiality of information received from the injured employee, the injured employee's representative, and the physician, doctor, or other health care provider and the information exchanged between the URA and third parties for conducting utilization review. These procedures must specify that:(A) specific information received from the injured employee, the injured employee's representative, and the physician, doctor, or other health care provider and the information exchanged between the URA and third parties for the purpose of conducting reviews will be considered confidential, be used by the review agent solely for utilization review, and be shared by the URA with only those third parties who have authority to receive the information, for example, the claim administrator; and(B) the URA has procedures in place to address confidentiality, and that the URA agrees to abide by any federal and state laws governing the issue of confidentiality.(2) Summary data which does not provide sufficient information to allow identification of individual injured employees, physicians, doctors, or other health care providers is not considered confidential.28 Tex. Admin. Code § 19.2013
The provisions of this §19.2013 adopted to be effective February 20, 2013, 38 TexReg 892