Issuers must adopt and use administrative, business, and operational practices and procedures designed to protect an insured's right to privacy granted under chapter 70.02 RCW and federal laws and regulations. For example, issuers must not disclose the insured's health information without the written authorization of the insured, except where the recipient needs to know the information, such as:
(1) To any person, health care provider or health care facility that the issuer reasonably believes is providing health care to the insured;(2) To any other person who requires health care information to provide planning, quality assurance, peer review, or administrative, legal, financial, billing or actuarial services;(3) To assist a health care provider or health care facility in the delivery of health care and the issuer reasonably believes that the recipient will not use or disclose the health care information for any purpose other than the delivery of health care and will take appropriate steps to protect the information;(4) To a health care provider or health care facility reasonably believed to have previously provided health care to the insured to the extent necessary to provide health care services, unless the insured has instructed the health care provider or health care facility in writing not to make the disclosure.Wash. Admin. Code § 284-83-300
Statutory Authority: RCW 48.02.060, 48.83.070, 48.83.110, 48.83.120, 48.83.130(1), and 48.83.140(4)(a). 08-24-019 (Matter No. R 2008-09), § 284-83-300, filed 11/24/08, effective 12/25/08.