(a) No person, including, but not limited to, insurance institutions, agents, insurance support organizations, health care professionals, medical care centers, pharmacies, pharmaceutical companies, schools and universities, and no person's agent, contractor or employee, shall sell or offer for sale individually identifiable medical record information, as defined in section 38a-976. No person shall disclose, for purposes of marketing, individually identifiable medical record information without the prior written consent of the individual to whom the individually identifiable medical record information pertains or, in the case of a minor, of the minor's parent or guardian. Nothing in this section shall be construed to prohibit (1) a person from disclosing individually identifiable medical record information as permitted under section 38a-988, any other applicable state or federal law or in connection with a collectively bargained agreement, or (2) a health care provider from transferring individual identifiable medical record information for the purposes of clinical research, utilization review, quality review, performance improvement, billing for services or other functions performed by health care providers or their agents in support of direct patient care, provided (A) in the case of clinical research, no individually identifiable medical record information may be disclosed by the clinical researcher, unless the disclosure would otherwise be permitted, and (B) the entity to whom the information is transferred agrees not to disclose the information unless the disclosure would otherwise be permitted if made by the transferer. Nothing in this section shall be construed to prohibit a person from transferring individually identifiable medical record information to another person as part of a consummated sale of that person to another person or consummated merger by that person with another person or to a successor in interest. For the purposes of this section, “insurance transaction” as used in section 38a-988 shall apply to any insurance including insurance for personal, family, household, business or professional needs, and “insurance institution” as used in said section 38a-988 includes self-insured employers for workers' compensation purposes and third-party administrators.
(b) An individual harmed by a violation of this section may bring an action for equitable relief, damages or both. Any person who violates the provisions of this section shall be liable to the individual harmed for double damages, costs and reasonable attorneys' fees. No action under this section shall be brought but within two years from the date when the violation first occurs or is discovered, or in the exercise of reasonable care should have been discovered, and except that no such action may be brought more than five years from the date of the violation complained of.
(P.A. 99-284, S. 18, 60; P.A. 14-235, S. 9.)
History: P.A. 99-284 effective July 1, 2000; P.A. 14-235 made a technical change in Subsec. (a).
Structure Connecticut General Statutes
Chapter 705 - Connecticut Insurance Information and Privacy Protection Act
Section 38a-976. (Formerly Sec. 38-501). - Definitions.
Section 38a-977. (Formerly Sec. 38-502). - Applicability. Exceptions.
Section 38a-978. (Formerly Sec. 38-503). - Use of pretext interviews.
Section 38a-979. (Formerly Sec. 38-504). - Notice of insurance information practices.
Section 38a-982. (Formerly Sec. 38-507). - Investigative consumer reports.
Section 38a-983. (Formerly Sec. 38-508). - Access to recorded personal information.
Section 38a-988. (Formerly Sec. 38-513). - Disclosure limitations and conditions.
Section 38a-989. (Formerly Sec. 38-514). - Powers of commissioner.
Section 38a-990. (Formerly Sec. 38-515). - Hearings; subpoenas; service of process.
Section 38a-992. (Formerly Sec. 38-517). - Commissioner to prepare findings.
Section 38a-993. (Formerly Sec. 38-518). - Penalties.
Section 38a-994. (Formerly Sec. 38-519). - Appeals from orders.
Section 38a-995. (Formerly Sec. 38-520). - Individual remedies.
Section 38a-996. (Formerly Sec. 38-521). - Immunity.
Section 38a-997. (Formerly Sec. 38-522). - Obtaining information under false pretenses. Fine.
Section 38a-998. (Formerly Sec. 38-523). - Severability.
Section 38a-999. - Written policies, standards and procedures re medical record information.