|
|
|
|
93RD GENERAL ASSEMBLY
State of Illinois
2003 and 2004
HB5006
Introduced 02/05/04, by Elaine Nekritz SYNOPSIS AS INTRODUCED:
|
|
815 ILCS 505/2MM |
|
815 ILCS 505/2QQ new |
|
|
Amends the Consumer Fraud and Deceptive Business Practices Act. Provides that any person who uses a consumer credit report in connection with the approval of credit, may not lend money, extend credit, or complete the purchase, lease, or rental of goods or non-credit related services without taking reasonable steps to verify the consumer's identity. Provides that if a consumer places a statement with a security alert in his or her file requesting that his or her identity be verified by calling a specified telephone number, any person who receives that statement with the security alert in the consumer's file must take reasonable steps to verify his or her identity by contacting the consumer using the specified telephone number, prior to lending money, extending credit, or completing the purchase, lease, or rental of goods or non-credit related services, with certain exceptions. Provides that a consumer credit reporting agency is required to provide to a consumer information about security alerts and security freezes and their consequences. Prohibits a person or entity from publicly posting or displaying an individual's social security number or doing certain other acts that might compromise the security of an individual's social security number. Provides that a person or entity shall not encode or embed a social security number on a card or document, including a bar code, chip, or magnetic strip.
|
| |
|
|
|
|
A BILL FOR
|
|
|
|
|
HB5006 |
|
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| AN ACT concerning business transactions.
|
| 2 |
| Be it enacted by the People of the State of Illinois,
|
| 3 |
| represented in the General Assembly:
|
| 4 |
| Section 5. The Consumer Fraud and Deceptive Business |
| 5 |
| Practices Act is amended by changing Section 2MM and adding |
| 6 |
| Section 2QQ as follows:
|
| 7 |
| (815 ILCS 505/2MM)
|
| 8 |
| Sec. 2MM. Verification of accuracy of credit reporting |
| 9 |
| information used to
extend consumers credit; security alert |
| 10 |
| notices.
|
| 11 |
| (a) A credit card issuer who mails an offer or solicitation |
| 12 |
| to apply for a
credit card and who receives a completed |
| 13 |
| application in response to the offer
or
solicitation which |
| 14 |
| lists an address that is not substantially the same as the
|
| 15 |
| address on the offer or solicitation may not issue a credit |
| 16 |
| card based on that
application until reasonable steps have been |
| 17 |
| taken to verify the applicant's
change of address.
|
| 18 |
| (b) Any person who uses a consumer credit report in |
| 19 |
| connection with the
approval of credit based on the application |
| 20 |
| for an extension of credit, or with the purchase, lease, or |
| 21 |
| rental of goods or non-credit related services, and who
has |
| 22 |
| received notification of a police report filed with a consumer |
| 23 |
| reporting
agency that the applicant has been a victim of |
| 24 |
| financial
identity theft, as defined in Section 16G-15 of the |
| 25 |
| Criminal Code of 1961, or has received notification of a |
| 26 |
| security alert, may
not lend money or extend credit without |
| 27 |
| taking reasonable steps to verify the
consumer's identity and |
| 28 |
| confirm that the application for an extension of
credit
is not |
| 29 |
| the result of financial identity theft. If the consumer has |
| 30 |
| placed a statement with a security alert in his or her file |
| 31 |
| requesting that identity be verified by calling a specified |
| 32 |
| telephone number, any person who receives that statement with |
|
|
|
HB5006 |
- 2 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| the security alert in a consumer's file shall take reasonable |
| 2 |
| steps to verify the identity of the consumer by contacting the |
| 3 |
| consumer using the specified telephone number prior to lending |
| 4 |
| money, extending credit, or completing the purchase, lease, or |
| 5 |
| rental of goods or non-credit related services. If a person |
| 6 |
| uses a consumer credit report to facilitate the extension of |
| 7 |
| credit or for another permissible purpose on behalf of a |
| 8 |
| subsidiary, affiliate, agent, assignee, or prospective |
| 9 |
| assignee, that person may verify a consumer's identity under |
| 10 |
| this subsection (b) instead of the subsidiary, affiliate, |
| 11 |
| agent, assignee, or prospective assignee. |
| 12 |
| (b-1) If a consumer uses a consumer credit reporting agency |
| 13 |
| he or she may elect to place a security alert in his or her |
| 14 |
| credit report by making a request in writing or by telephone to |
| 15 |
| a consumer credit report agency. A consumer credit reporting |
| 16 |
| agency shall: |
| 17 |
| (1) Notify each person requesting consumer credit |
| 18 |
| information with respect to a consumer of the existence of |
| 19 |
| a security alert in the credit report of that consumer, |
| 20 |
| regardless of whether a full credit report, credit score, |
| 21 |
| or summary report is requested. |
| 22 |
| (2) Maintain a toll-free telephone number to accept |
| 23 |
| security alert requests from consumers 24 hours a day, |
| 24 |
| seven days a week. The toll-free telephone number shall be |
| 25 |
| included in any written disclosure by a consumer credit |
| 26 |
| reporting agency to any consumer and shall be printed in a |
| 27 |
| clear and conspicuous manner. |
| 28 |
| (3) Place a security alert on a consumer's credit |
| 29 |
| report no later than 5 business days after receiving a |
| 30 |
| request from the consumer. The security alert shall remain |
| 31 |
| in place for at least 90 days, and a consumer shall have |
| 32 |
| the right to request a renewal of the security alert. |
| 33 |
| (4) Notify each consumer who has requested that a |
| 34 |
| security alert be placed on his or her consumer credit |
| 35 |
| report of the expiration date of the alert. |
| 36 |
| (5) Promptly disclose files maintained on a consumer as |
|
|
|
HB5006 |
- 3 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| follows: |
| 2 |
| (A) In person, if the consumer appears and |
| 3 |
| furnishes proper identification at the location where |
| 4 |
| the consumer credit reporting agency maintains trained |
| 5 |
| personnel. |
| 6 |
| (B) By mail, if the consumer makes a written |
| 7 |
| request with proper identification for a copy of the |
| 8 |
| file or a decoded written version of that file to be |
| 9 |
| sent to the consumer at a specified address. A |
| 10 |
| disclosure under this subparagraph (B) shall be |
| 11 |
| deposited in the United States mail, postage prepaid, |
| 12 |
| within 5 business days after the consumer's written |
| 13 |
| request for the disclosure is received by the consumer |
| 14 |
| credit reporting agency. Consumer credit reporting |
| 15 |
| agencies complying with requests for mailings under |
| 16 |
| this subparagraph (B) shall not be liable for |
| 17 |
| disclosures to third parties caused by mishandling of |
| 18 |
| mail after the mailings leave the consumer credit |
| 19 |
| reporting agencies. |
| 20 |
| (C) By telephone, if the consumer has made a |
| 21 |
| written request, with proper identification for |
| 22 |
| telephone disclosure. |
| 23 |
| Information in a consumer's file required to be provided in |
| 24 |
| writing under this paragraph (5) may also be disclosed in |
| 25 |
| another form if authorized by the consumer and if available |
| 26 |
| from the consumer credit reporting agency. A consumer may |
| 27 |
| request disclosure by telephone upon disclosure of proper |
| 28 |
| identification by the consumer, by electronic means if |
| 29 |
| available from the consumer credit reporting agency, or by any |
| 30 |
| other reasonable means that is available from the consumer |
| 31 |
| credit reporting agency. |
| 32 |
| (6) Provide a consumer with a written summary of all of |
| 33 |
| his or her rights with any written disclosure in the |
| 34 |
| following form: |
| 35 |
| "You have a right to obtain a copy of your credit file |
| 36 |
| from a consumer credit reporting agency. You may be charged |
|
|
|
HB5006 |
- 4 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| a reasonable fee not to exceed $8. There is no fee, if you |
| 2 |
| have been turned down for credit, employment, insurance, or |
| 3 |
| a rental dwelling because of information in your credit |
| 4 |
| report within the preceding 60 days. The consumer credit |
| 5 |
| reporting agency must provide trained personnel to help you |
| 6 |
| interpret the information in your credit file. |
| 7 |
| You have a right to dispute inaccurate information by |
| 8 |
| contacting the consumer credit reporting agency directly. |
| 9 |
| However, neither you or any credit repair company or credit |
| 10 |
| service organization has the right to have accurate, |
| 11 |
| current, and verifiable information removed from your |
| 12 |
| credit report. Under the Federal Fair Credit Reporting Act, |
| 13 |
| the consumer credit reporting agency must remove accurate, |
| 14 |
| negative information from your report only if it is over 7 |
| 15 |
| years old. Bankruptcy information can be reported for 10 |
| 16 |
| years. |
| 17 |
| If you have notified a consumer credit reporting agency |
| 18 |
| in writing that you dispute the accuracy of information in |
| 19 |
| your file, the consumer credit reporting agency must then, |
| 20 |
| within 30 business days, reinvestigate and modify or remove |
| 21 |
| inaccurate information. The consumer credit
reporting |
| 22 |
| agency may not charge a fee for this service. Any pertinent
|
| 23 |
| information and copies of all documents you have concerning |
| 24 |
| an error
should be given to the consumer credit reporting |
| 25 |
| agency. |
| 26 |
| If reinvestigation does not resolve the dispute to your |
| 27 |
| satisfaction, you may send a brief statement to the |
| 28 |
| consumer credit reporting agency to
keep in your file, |
| 29 |
| explaining why you think the record is inaccurate. The
|
| 30 |
| consumer credit reporting agency must include your |
| 31 |
| statement about
disputed information in a report it issues |
| 32 |
| about you. |
| 33 |
| You have a right to receive a record of all inquiries |
| 34 |
| relating to a credit transaction initiated in 12 months |
| 35 |
| preceding your request. This record shall include the |
| 36 |
| recipients of any consumer credit report.
You may request |
|
|
|
HB5006 |
- 5 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| in writing that the information contained in your file not |
| 2 |
| be provided to a third party for marketing purposes. |
| 3 |
| You have a right to place a "security alert" in your |
| 4 |
| credit report, which will warn anyone who receives |
| 5 |
| information in your credit report that your identity may |
| 6 |
| have been used without your consent. Recipients of
your |
| 7 |
| credit report are required to take reasonable steps, |
| 8 |
| including
contacting you at the telephone number you may |
| 9 |
| provide with your
security alert, to verify your identity |
| 10 |
| prior to lending money, extending
credit, or completing the |
| 11 |
| purchase, lease, or rental of goods or services.
The |
| 12 |
| security alert may prevent credit, loans, and services from |
| 13 |
| being
approved in your name without your consent. However, |
| 14 |
| you should be
aware that taking advantage of this right may |
| 15 |
| delay or interfere with the
timely approval of any |
| 16 |
| subsequent request or application you make
regarding a new |
| 17 |
| loan, credit, mortgage, insurance, rental housing,
|
| 18 |
| employment, investment, license, cellular phone, |
| 19 |
| utilities, digital
signature, Internet credit card |
| 20 |
| transaction, or other services, including an
extension of |
| 21 |
| credit at point of sale. If you place a security alert on |
| 22 |
| your
credit report, you have a right to obtain a free copy |
| 23 |
| of your credit report
at the time the 90-day security alert |
| 24 |
| period expires. A security alert may
be requested by |
| 25 |
| calling the following toll-free telephone number: (Insert
|
| 26 |
| applicable toll-free telephone number). |
| 27 |
| You have a right to place a "security freeze" on your |
| 28 |
| credit report,
which will prohibit a consumer credit |
| 29 |
| reporting agency from releasing
any information in your |
| 30 |
| credit report without your express authorization.
A |
| 31 |
| security freeze must be requested in writing by certified |
| 32 |
| mail. The
security freeze is designed to prevent credit, |
| 33 |
| loans, and services from
being approved in your name |
| 34 |
| without your consent. However, you
should be aware that |
| 35 |
| using a security freeze to take control over who gets
|
| 36 |
| access to the personal and financial information in your |
|
|
|
HB5006 |
- 6 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| credit report may
delay, interfere with, or prohibit the |
| 2 |
| timely approval of any subsequent
request or application |
| 3 |
| you make regarding a new loan, credit, mortgage,
insurance, |
| 4 |
| government services or payments, rental housing,
|
| 5 |
| employment, investment, license, cellular phone, |
| 6 |
| utilities, digital
signature, Internet credit card |
| 7 |
| transaction, or other services, including an
extension of |
| 8 |
| credit at point of sale. When you place a security freeze |
| 9 |
| on
your credit report, you will be provided a personal |
| 10 |
| identification number
or password to use if you choose to |
| 11 |
| remove the freeze on your credit
report or authorize the |
| 12 |
| release of your credit report for a specific party
or |
| 13 |
| period of time after the freeze is in place. To provide |
| 14 |
| that authorization
you must contact the consumer credit |
| 15 |
| reporting agency and provide all
of the following: |
| 16 |
| (1) the personal identification number or |
| 17 |
| password; |
| 18 |
| (2) proper identification to verify your identity; |
| 19 |
| and |
| 20 |
| (3) the proper information regarding the third |
| 21 |
| party who is to receive the credit report or the period |
| 22 |
| of time for which the report shall be
available. |
| 23 |
| A consumer credit reporting agency must authorize the |
| 24 |
| release of your credit report no later than 3 business days |
| 25 |
| after receiving the above information. |
| 26 |
| A security freeze does not apply to a person or entity, |
| 27 |
| or its affiliates, or collection agencies acting on behalf |
| 28 |
| of the person or entity with which you have an existing |
| 29 |
| account, that requests information in your credit report |
| 30 |
| for the purposes of reviewing or collecting the account.
|
| 31 |
| Reviewing the account includes activities related to |
| 32 |
| account
maintenance, monitoring, credit line increases, |
| 33 |
| and account upgrades
and enhancements. |
| 34 |
| You have a right to bring civil action against anyone, |
| 35 |
| including a
consumer credit reporting agency, who |
| 36 |
| improperly obtains access to a
file, knowingly or willfully |
|
|
|
HB5006 |
- 7 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| misuses file data, or fails to correct
inaccurate file |
| 2 |
| data. |
| 3 |
| If you are a victim of identity theft and provide to a |
| 4 |
| consumer credit reporting agency a copy of a valid police |
| 5 |
| report or a valid investigative report made by a Department |
| 6 |
| of Motor Vehicles investigator with peace officer status |
| 7 |
| describing your circumstances, the following shall apply: |
| 8 |
| (1) You have a right to have any information you |
| 9 |
| list on the report as allegedly fraudulent promptly |
| 10 |
| blocked so that the information cannot be
reported. The |
| 11 |
| information will be unblocked only if (1) the |
| 12 |
| information
you provide is a material |
| 13 |
| misrepresentation of the facts, (2) you agree
that the |
| 14 |
| information is blocked in error, or (3) you knowingly |
| 15 |
| obtained
possession of goods, services, or moneys as |
| 16 |
| result of the blocked
transactions. If blocked |
| 17 |
| information is unblocked you will be promptly
|
| 18 |
| notified. |
| 19 |
| (2) By the effective date of this amendatory Act of |
| 20 |
| the 93rd General Assembly, you have a right to receive, |
| 21 |
| free of charge and upon request, one copy of your |
| 22 |
| credit report each month for up to 12 consecutive |
| 23 |
| months.". |
| 24 |
| (b-2) The following entities are not required to place a |
| 25 |
| security alert in a consumer credit report: |
| 26 |
| (1) A check services or fraud prevention services |
| 27 |
| company, which issues reports on incidents of fraud or |
| 28 |
| authorizations for the purpose of approving or |
| 29 |
| processing negotiable instruments, electronic funds |
| 30 |
| transfers, or similar methods of payments. |
| 31 |
| (2) A deposit account information service company, |
| 32 |
| which issues reports regarding account closures due to |
| 33 |
| fraud, substantial overdrafts, ATM abuse, or similar |
| 34 |
| negative information regarding a consumer, to |
| 35 |
| inquiring banks or other financial institutions for |
| 36 |
| use only in reviewing a consumer request for a deposit |
|
|
|
HB5006 |
- 8 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| account at the inquiring bank or financial |
| 2 |
| institution. |
| 3 |
| (b-3) The consumer has the right to request and receive all |
| 4 |
| of the following: |
| 5 |
| (1) Either a decoded written version of the file or a |
| 6 |
| written copy of the file, including all information in the |
| 7 |
| file at the time of the request, with an explanation of any |
| 8 |
| code used. |
| 9 |
| (2) A credit score for the consumer, the key factors, |
| 10 |
| and the related information. |
| 11 |
| (3) A record of all inquiries, by recipient, which |
| 12 |
| result in the provision of information concerning the |
| 13 |
| consumer in connection with a credit transaction that is |
| 14 |
| not initiated by the consumer and which were received by |
| 15 |
| the consumer credit reporting agency in the 12-month period |
| 16 |
| immediately preceding the request for disclosure. |
| 17 |
| (4) The recipients, of any consumer credit report on |
| 18 |
| the consumer which the consumer credit reporting agency has |
| 19 |
| furnished for employment purposes within the 12-month |
| 20 |
| period preceeding the request or any other purpose within |
| 21 |
| the 12-month period preceding the request.
|
| 22 |
| (c) For purposes of this Section, "extension of credit" |
| 23 |
| does not include
an increase in an existing open-end credit |
| 24 |
| plan, as defined in Regulation Z of
the Federal Reserve System |
| 25 |
| (12 C.F.R. 226.2), or any change to or review of an
existing |
| 26 |
| credit account. |
| 27 |
| (c-1) For purposes of this Section, "security alert" means |
| 28 |
| a notice placed in a consumer's credit report, at the request |
| 29 |
| of the consumer, which notifies a recipient of the credit |
| 30 |
| report that the consumer's identity may have been used without |
| 31 |
| the consumer's consent to fraudulently obtain goods or services |
| 32 |
| in the consumer's name. |
| 33 |
| (c-2) For purposes of this Section, "proper |
| 34 |
| identification" means that information generally deemed |
| 35 |
| sufficient to identify a person. Only if the consumer is unable |
| 36 |
| to reasonably identify himself or herself, may a consumer |
|
|
|
HB5006 |
- 9 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| credit reporting agency require additional information |
| 2 |
| concerning the consumer's employment and personal or family |
| 3 |
| history in order to verify his or her identity.
|
| 4 |
| (d) Any person who violates the provisions of this Section
|
| 5 |
| subsection (a) or subsection (b) commits an
unlawful practice |
| 6 |
| within the meaning of this Act. If a consumer reporting agency |
| 7 |
| recklessly, willfully, or intentionally fails to place a |
| 8 |
| security alert notice in a consumer's credit report it shall be |
| 9 |
| guilty of a business offense and subject to a fine in an amount |
| 10 |
| not to exceed $2,500 plus the cost of reasonable attorney's |
| 11 |
| fees.
|
| 12 |
| (Source: P.A. 93-195, eff. 1-1-04.)
|
| 13 |
| (815 ILCS 505/2QQ new)
|
| 14 |
| Sec. 2QQ. Social security number protection. |
| 15 |
| (a) Notwithstanding subsection (b), any financial |
| 16 |
| institution may print the social security number of an |
| 17 |
| individual on any account statement or similar document mailed |
| 18 |
| to that individual, if the social security number is provided |
| 19 |
| in connection with a transaction governed by the rules of the |
| 20 |
| National Automated Clearing House Association, or a |
| 21 |
| transaction initiated by a federal governmental entity through |
| 22 |
| an automated clearing house network. |
| 23 |
| (b) A person or entity may not do any of the following: |
| 24 |
| (1) Publicly post or publicly display, in any manner, |
| 25 |
| an individual's social security number. "Publicly post" or |
| 26 |
| "publicly display" means to intentionally communicate or |
| 27 |
| otherwise make available to the general public. |
| 28 |
| (2) Print an individual's social security number on any |
| 29 |
| card required for the individual to access products or |
| 30 |
| services provided by the person or entity. |
| 31 |
| (3) Require an individual to transmit his or her social |
| 32 |
| security number over the Internet, unless the connection is |
| 33 |
| secure or the social security number is encrypted. |
| 34 |
| (4) Require an individual to use his or her social |
| 35 |
| security number to access an Internet Web site, unless a |
|
|
|
HB5006 |
- 10 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| password or unique personal identification number or other |
| 2 |
| authentication device is also required to access the |
| 3 |
| Internet Web site. |
| 4 |
| (5) Print an individual's social security number on any |
| 5 |
| materials that are mailed to the individual, unless State |
| 6 |
| or federal law requires the social security number to be on |
| 7 |
| the document to be mailed. Notwithstanding this subsection |
| 8 |
| (a), social security numbers may be included in |
| 9 |
| applications and forms sent by mail, including documents |
| 10 |
| sent as part of an application or enrollment process, or to |
| 11 |
| establish, amend or terminate an account, contract or |
| 12 |
| policy, or to confirm the accuracy of the social security |
| 13 |
| number. |
| 14 |
| (c) Except as provided in subsection (f), a person or |
| 15 |
| entity that has used, prior to the effective date of this |
| 16 |
| amendatory Act by the 93rd General Assembly, an individual's |
| 17 |
| social security number in a manner inconsistent with subsection |
| 18 |
| (b), may continue using that individual's social security |
| 19 |
| number in that manner on or after the effective date of this |
| 20 |
| amendatory Act by the 93rd General Assembly, and a State or |
| 21 |
| local agency that has used, prior to the effective date of this |
| 22 |
| amendatory Act by the 93rd General Assembly, an individual's |
| 23 |
| social security number in a manner inconsistent with subsection |
| 24 |
| (b), may continue using that individual's social security |
| 25 |
| number in that manner on or after the effective date of this |
| 26 |
| amendatory Act by the 93rd General Assembly, if all of the |
| 27 |
| following conditions are met: |
| 28 |
| (1) The use of the social security number is |
| 29 |
| continuous. If the use is stopped for any reason, |
| 30 |
| subsection (b) shall apply. |
| 31 |
| (2) The individual is provided an annual disclosure |
| 32 |
| that informs the individual that he or she has the right to |
| 33 |
| stop the use of his or her social security number in a |
| 34 |
| manner prohibited by subsection (b). |
| 35 |
| A written request by an individual to stop the use of his |
| 36 |
| or her social security number in a manner prohibited by |
|
|
|
HB5006 |
- 11 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| subsection (b) is implemented within 30 days of the receipt of |
| 2 |
| the request. There may not be a fee or charge for implementing |
| 3 |
| the request. |
| 4 |
| The person or entity may not deny services to an individual |
| 5 |
| because the individual makes a written request pursuant to this |
| 6 |
| subsection (c). |
| 7 |
| (d) This Section does not apply to documents that are |
| 8 |
| recorded or required to be open to the public. |
| 9 |
| (e) In the case of a health care service plan, a provider |
| 10 |
| of health care, an insurer or a pharmacy benefits manager, a |
| 11 |
| contractor, or the provision by any person or entity of |
| 12 |
| administrative or other services relative to health care or |
| 13 |
| insurance products or services, including third-party |
| 14 |
| administration or administrative services only, this Section |
| 15 |
| shall become operative in the following manner: |
| 16 |
| (1) By the effective date of this amendatory Act by |
| 17 |
| the 93rd General Assembly the entities listed in |
| 18 |
| subsection (e) shall comply with paragraphs (1), (3), |
| 19 |
| (4), and (5) of subsection (b), as these requirements |
| 20 |
| pertain to individual policyholders or individual |
| 21 |
| contract holders. |
| 22 |
| (2) By the effective date of this amendatory Act by |
| 23 |
| the 93rd General Assembly the entities listed in |
| 24 |
| subsection (1) shall comply with subsection (b) as |
| 25 |
| these requirements pertain to new individual |
| 26 |
| policyholders or new individual contract holders and |
| 27 |
| new groups. |
| 28 |
| (f) A health care service plan, a provider of health care, |
| 29 |
| an insurer or a pharmacy benefits manager, a contractor, or |
| 30 |
| another person or entity as described in subsection (e) shall |
| 31 |
| make reasonable efforts to cooperate, through systems testing |
| 32 |
| and other means, to ensure that the requirements of this |
| 33 |
| Section are implemented on or before the dates specified in |
| 34 |
| this Section. |
| 35 |
| (1) Notwithstanding paragraph (2) of this Section, the |
| 36 |
| Director of the Illinois Department of Public Aid, or the |
|
|
|
HB5006 |
- 12 - |
LRB093 19466 RXD 45205 b |
|
|
| 1 |
| Director of the Department of Insurance, and upon a |
| 2 |
| determination of good cause, may grant extensions not to |
| 3 |
| exceed 6 months, for compliance with the requirements of |
| 4 |
| this Section when requested by the health care service plan |
| 5 |
| provider or insurer. Any extension granted shall apply to |
| 6 |
| the health care service plan or insurer's affected |
| 7 |
| providers, pharmacy benefits manager, and contractors. |
| 8 |
| (2) If a federal law takes effect requiring the United |
| 9 |
| States Department of Health and Human Services to establish |
| 10 |
| a national unique patient health identifier program, a |
| 11 |
| provider of health care, a health care service plan, a |
| 12 |
| licensed health care professional, or a contractor, that |
| 13 |
| complies with the federal law shall be deemed in compliance |
| 14 |
| with this Section. |
| 15 |
| (g) A person or entity may not encode or embed a social |
| 16 |
| security number in or on a card or document, including, but not |
| 17 |
| limited to, using a bar code, chip, magnetic strip, or other |
| 18 |
| technology, in place of removing the social security number, as |
| 19 |
| required by this Section.
|