M.S.A. § 62V.06 (Data practices)

Data practices

The law classifies the following data collected, created or maintained by the Minnesota Insurance Exchange as private or nonpublic data:

·         Data on individuals participating in the Exchange;

·         Data on employees participating in the SHOP Exchange;

·         Data on employers participating in the Exchange.

Data submitted by insurance carriers to apply to be certified as a QHP, or submitted by an individual making a Navigator application are classified as follows:

• At the time of application, all data submitted is private, except the name of the applicant;
• Once the Exchange makes a final determination of the application, all data is public, except for trade secret information;
• Data created or maintained by a governmental entity to evaluate the application are protected nonpublic data until a final determination has been made and all appeals have been exhausted, except for trade secret and attorney-client privileged information;
• If an application is denied, the public data must include the evaluation criteria and specific reasons for denial, which must be published on the Exchange website.

The Minnesota Exchange may share or disseminate private or nonpublic data on individuals, employees or employers participating in the Exchange as follows:

• To the subject of the data;
• Based on a court order;
• Based on a state or federal law authorizing access to the data;
• With other state agencies to verify identity, eligibility of premiums, enrollment, or investigate fraud related to an individual, employee or employer participating in the Exchange.

The Minnesota Exchange may share or disseminate private or nonpublic data  on insurance carriers or Navigators as follows:

• To the subject of the data;
• Based on a court order;
• Based on a state or federal law authorizing access to the data;
• With other state agencies to carry out the purposes of the Exchange with a data sharing agreement in place;
• With a nongovernmental entity or person to carry out the purposes of the Exchange  with a contract in place;
• Sharing or disseminating Exchange data outside of the authorized situations is prohibited.

Until July 1, 2014, state agencies must share private and nonpublic data on individuals, employees, and employers participating in the Exchange, as necessary to verify identity, eligibility, enrollment and investigate fraud, with the requirement of a data sharing agreement.

The Minnesota Insurance Exchange must also provide any subject of private data with the following:

• Notice of rights regarding handling of genetic information;
• Notice of the Exchange’s record retention policy, including length of retention period and how records will destroyed;

All such notices must be provided in electronic format that can be printed or downloaded.

The Exchange may create and disclose summary data derived from individual private and nonpublic data. 

Only individuals with explicit authorization from the Exchange board may have access to nonpublic data collected in the Exchange.  All actions where Exchange data has been accessed or shared outside of the Exchange must be recorded in a data audit trail.  The Board is authorized to revoke authorization to access Exchange data if an individual has accessed or shared data willfully or was not given explicit permission to do so. 

The Minnesota Exchange is not permitted to sell data collected or maintained under the Exchange for commercial or any other purpose.  The Exchange is not allowed to collect information on gun ownership.