Earlier this year, Governor Charlie Baker signed into law an Act to Protect Access to Confidential Healthcare (the PATCH Act), which prevents information regarding “sensitive health care services” from being shared with anyone other than the patient in the form of Explanation of Benefits (EOB) and Summary of Payment (SOP) forms. When more than one person is covered by the same medical insurance plan, sensitive health care information can be disclosed through the use of these common forms, sometimes including information on sexual assault, domestic violence, mental health disorders, or sexual and reproductive health. When the EOB or SOP is provided to the named policyholder—rather than the specific beneficiary that the services described therein relate to—the beneficiary’s confidentiality can be compromised. 

The PATCH Act seeks to protect privacy in a number of ways by: allowing insurers to send SOP forms directly to the patient rather than to the primary policyholder; allowing patients to choose their preferred address and method for receiving SOPs; providing only general information about certain sensitive services or visits; and providing patients the option to opt-out of receiving SOPs if no payment is due.

The PATCH Act requires an insurer to honor a beneficiary’s request with regard to information regarding sensitive health care services in a summary of payment. The PATCH Act further requires that, through regulations, the Division of Insurance define what constitutes “sensitive health care services.”  Moreover, those regulations will also include “requirements for reasonable reporting by carriers to the division regarding compliance and the number and type of complaints received regarding noncompliance” with the Act. Notably, the final version of the Act, S.2296, did not include reporting requirements for “breaches of confidentiality” as earlier versions had—like Bill S.557.

The Division of Insurance will also “develop and implement a plan to educate providers and consumers regarding the rights of insured members and the responsibilities of carriers to promote compliance with” the Act. Nonetheless, insurers may want to proactively analyze this legislation and how it may affect their standard policies and procedures.