Bill Text: MN SF2516 | 2011-2012 | 87th Legislature | Introduced
Bill Title: Social security number use in certain health records prohibition
Spectrum: Partisan Bill (Democrat 3-0)
Status: (Introduced - Dead) 2012-03-19 - Referred to Judiciary and Public Safety [SF2516 Detail]
Download: Minnesota-2011-SF2516-Introduced.html
1.2relating to data privacy; prohibiting the use of Social Security numbers in certain
1.3health records;amending Minnesota Statutes 2010, section 325E.59, subdivision
1.41; proposing coding for new law in Minnesota Statutes, chapters 62Q; 144.
1.5BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
1.6 Section 1. [62Q.022] USE OF SOCIAL SECURITY NUMBERS.
1.7A health plan company shall comply with the restrictions on use of an individual's
1.8Social Security number contained in section 325E.59.
1.9 Sec. 2. [144.2935] USE OF SOCIAL SECURITY NUMBER PROHIBITED.
1.10A provider may not request or record a patient's Social Security number in any
1.11health record maintained by the provider.
1.12EFFECTIVE DATE.This section is effective August 1, 2012. Social security
1.13numbers appearing in a health record on that date must be removed from the record and
1.14destroyed by the provider no later than January 1, 2013.
1.15 Sec. 3. Minnesota Statutes 2010, section 325E.59, subdivision 1, is amended to read:
1.16 Subdivision 1. Generally. (a) A person or entity, not including a government entity,
1.17may not do any of the following:
1.18 (1) publicly post or publicly display in any manner an individual's Social Security
1.19number. "Publicly post" or "publicly display" means to intentionally communicate or
1.20otherwise make available to the general public;
1.21 (2) print an individual's Social Security number on any card required for the
1.22individual to access products or services provided by the person or entity;
2.1 (3) require an individual to transmit the individual's Social Security number over
2.2the Internet, unless the connection is secure or the Social Security number is encrypted,
2.3except as required by titles XVIII and XIX of the Social Security Act and by Code of
2.4Federal Regulations, title 42, section 483.20;
2.5 (4) require an individual to use the individual's Social Security number to access an
2.6Internet Web site, unless a password or unique personal identification number or other
2.7authentication device is also required to access the Internet Web site;
2.8 (5) print a number that the person or entity knows to be an individual's Social
2.9Security number on any materials that are mailed to the individual, unless state or federal
2.10law requires the Social Security number to be on the document to be mailed. If, in
2.11connection with a transaction involving or otherwise relating to an individual, a person
2.12or entity receives a number from a third party, that person or entity is under no duty to
2.13inquire or otherwise determine whether the number is or includes that individual's Social
2.14Security number and may print that number on materials mailed to the individual, unless
2.15the person or entity receiving the number has actual knowledge that the number is or
2.16includes the individual's Social Security number;
2.17 (6) assign or use a number as the primary account identifier that is identical to or
2.18incorporates an individual's complete Social Security number, except in conjunction
2.19with an employee or member retirement or benefit plan or human resource or payroll
2.20administration;or
2.21(7) if the person or entity is a health plan company as defined in section 62Q.01,
2.22subdivision 4, request or record an individual's Social Security number in any record
2.23maintained by the company relating to past, present, or future coverage for the provision
2.24of health care to the individual; or
2.25(7) (8) sell Social Security numbers obtained from individuals in the course of
2.26business.
2.27(b) For purposes of paragraph (a), clause (7), "sell" does not include the release of
2.28an individual's Social Security number if the release of the Social Security number is
2.29incidental to a larger transaction and is necessary to identify the individual in order to
2.30accomplish a legitimate business purpose. The release of a Social Security number for the
2.31purpose of marketing is not a legitimate business purpose under this paragraph.
2.32 (c) Notwithstanding paragraph (a), clauses (1) to (5), Social Security numbers may
2.33be included in applications and forms sent by mail, including documents sent as part of
2.34an application or enrollment process, or to establish, amend, or terminate an account,
2.35contract, or policy, or to confirm the accuracy of the Social Security number. Nothing in
3.1this paragraph authorizes inclusion of a Social Security number on the outside of a mailing
3.2or in the bulk mailing of a credit card solicitation offer.
3.3 (d) A person or entity, not including a government entity, must restrict access
3.4to individual Social Security numbers it holds so that only its employees, agents, or
3.5contractors who require access to records containing the numbers in order to perform their
3.6job duties have access to the numbers, except as required by titles XVIII and XIX of the
3.7Social Security Act and by Code of Federal Regulations, title 42, section 483.20.
3.8 (e) This section applies only to the use of Social Security numbers on or after July
3.91, 2008.
3.10EFFECTIVE DATE.This section is effective August 1, 2012. Social Security
3.11numbers appearing in a record on that date must be removed and destroyed by the health
3.12plan company no later than January 1, 2013.
1.3health records;amending Minnesota Statutes 2010, section 325E.59, subdivision
1.41; proposing coding for new law in Minnesota Statutes, chapters 62Q; 144.
1.5BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
1.6 Section 1. [62Q.022] USE OF SOCIAL SECURITY NUMBERS.
1.7A health plan company shall comply with the restrictions on use of an individual's
1.8Social Security number contained in section 325E.59.
1.9 Sec. 2. [144.2935] USE OF SOCIAL SECURITY NUMBER PROHIBITED.
1.10A provider may not request or record a patient's Social Security number in any
1.11health record maintained by the provider.
1.12EFFECTIVE DATE.This section is effective August 1, 2012. Social security
1.13numbers appearing in a health record on that date must be removed from the record and
1.14destroyed by the provider no later than January 1, 2013.
1.15 Sec. 3. Minnesota Statutes 2010, section 325E.59, subdivision 1, is amended to read:
1.16 Subdivision 1. Generally. (a) A person or entity, not including a government entity,
1.17may not do any of the following:
1.18 (1) publicly post or publicly display in any manner an individual's Social Security
1.19number. "Publicly post" or "publicly display" means to intentionally communicate or
1.20otherwise make available to the general public;
1.21 (2) print an individual's Social Security number on any card required for the
1.22individual to access products or services provided by the person or entity;
2.1 (3) require an individual to transmit the individual's Social Security number over
2.2the Internet, unless the connection is secure or the Social Security number is encrypted,
2.3except as required by titles XVIII and XIX of the Social Security Act and by Code of
2.4Federal Regulations, title 42, section 483.20;
2.5 (4) require an individual to use the individual's Social Security number to access an
2.6Internet Web site, unless a password or unique personal identification number or other
2.7authentication device is also required to access the Internet Web site;
2.8 (5) print a number that the person or entity knows to be an individual's Social
2.9Security number on any materials that are mailed to the individual, unless state or federal
2.10law requires the Social Security number to be on the document to be mailed. If, in
2.11connection with a transaction involving or otherwise relating to an individual, a person
2.12or entity receives a number from a third party, that person or entity is under no duty to
2.13inquire or otherwise determine whether the number is or includes that individual's Social
2.14Security number and may print that number on materials mailed to the individual, unless
2.15the person or entity receiving the number has actual knowledge that the number is or
2.16includes the individual's Social Security number;
2.17 (6) assign or use a number as the primary account identifier that is identical to or
2.18incorporates an individual's complete Social Security number, except in conjunction
2.19with an employee or member retirement or benefit plan or human resource or payroll
2.20administration;
2.21(7) if the person or entity is a health plan company as defined in section 62Q.01,
2.22subdivision 4, request or record an individual's Social Security number in any record
2.23maintained by the company relating to past, present, or future coverage for the provision
2.24of health care to the individual; or
2.25
2.26business.
2.27(b) For purposes of paragraph (a), clause (7), "sell" does not include the release of
2.28an individual's Social Security number if the release of the Social Security number is
2.29incidental to a larger transaction and is necessary to identify the individual in order to
2.30accomplish a legitimate business purpose. The release of a Social Security number for the
2.31purpose of marketing is not a legitimate business purpose under this paragraph.
2.32 (c) Notwithstanding paragraph (a), clauses (1) to (5), Social Security numbers may
2.33be included in applications and forms sent by mail, including documents sent as part of
2.34an application or enrollment process, or to establish, amend, or terminate an account,
2.35contract, or policy, or to confirm the accuracy of the Social Security number. Nothing in
3.1this paragraph authorizes inclusion of a Social Security number on the outside of a mailing
3.2or in the bulk mailing of a credit card solicitation offer.
3.3 (d) A person or entity, not including a government entity, must restrict access
3.4to individual Social Security numbers it holds so that only its employees, agents, or
3.5contractors who require access to records containing the numbers in order to perform their
3.6job duties have access to the numbers, except as required by titles XVIII and XIX of the
3.7Social Security Act and by Code of Federal Regulations, title 42, section 483.20.
3.8 (e) This section applies only to the use of Social Security numbers on or after July
3.91, 2008.
3.10EFFECTIVE DATE.This section is effective August 1, 2012. Social Security
3.11numbers appearing in a record on that date must be removed and destroyed by the health
3.12plan company no later than January 1, 2013.
