FOR AN ACT ENTITLED, An Act to  revise the health information privacy rule-making authority of the director of insurance to include nonpublic personal financial information.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF SOUTH DAKOTA:
     Section  1.  That § 58-2-40 be amended to read as follows:
     58-2-40.   The director of insurance shall promulgate rules pursuant to chapter 1-26, to protect the privacy of personally identifiable health care and medical information, data, and records and nonpublic personal financial information . The rules shall cover health care and medical information, data, and records and nonpublic personal financial information collected, used, or disclosed by any person licensed or registered under Title 58 or , any person with whom such licensees or registrants contract, or any claimant or beneficiary of products or services of licensees if the products or services are primarily used for personal, family, or household purposes, and shall include all health care and medical information, data, and records received by or in the possession of the Division of Insurance. The rules may include the following:

             (1)      Definition of terms;

             (2)      Standards for the protection of the privacy and confidentiality of personally

identifiable health care information and medical records and nonpublic personal financial information ;

             (3)      Rules for the collection, use, storage, security, disclosure, release, and disposal of health care and medical information, data, and records and nonpublic personal financial information in all forms, including printed material, plastic media, audio, video, and computerized and electronic transmissions;

             (4)      Rules regarding the sale and exchange of health care and medical information, data, and records and nonpublic personal financial information ;

             (5)      Rules to define the responsibilities and limitations of those needing or requiring access to health care and medical information, data, and records and nonpublic personal financial information ;

             (6)      Rules for procedures and documents required for the release or transfer of health care and medical information, data, and records, including the identity of any person who may release such information and records and under what conditions and provisions of the law, as needed to protect the privacy of personally identifiable health care and medical information, data, and records and nonpublic personal financial information ;

             (7)      Rules for the collection, use, storage, security, disclosure, distribution, release, and disposal of health care information and medical records and nonpublic personal financial information obtained, used, or held in connection with the operation, maintenance, or review of insurance certificates, contracts, policies, and plans, and health maintenance organizations, subject to the jurisdiction of the director of insurance ;

             (8)    Rules requiring a licensee to provide notice to individuals about its privacy policies and practices;

---

             (9)    Rules describing the conditions under which a licensee may disclose nonpublic personal health information and nonpublic personal financial information about individuals to affiliates and nonaffiliated third parties;

             (10)    Rules to provide protection to individuals who use authorized methods to prevent the use or disclosure of their nonpublic financial or health information; and

             (11)    Rules providing methods for individuals to prevent a licensee from disclosing nonpublic personal health information and nonpublic personal financial information .