Healthcare Compliance / State Law

MA PATCH

An Act to Protect Access to Confidential Healthcare (PATCH Act) - M.G.L. Chapter 176O, Section 27

Massachusetts Specific Legally Required

Massachusetts state law allowing individuals covered under someone else's health insurance to request that billing information for sensitive healthcare services be sent directly to them, protecting their privacy from the primary policyholder.

Executive Summary

The PATCH Act protects insurance billing privacy for sensitive healthcare services. Patients can request billing information go directly to them rather than the primary policyholder, preventing unwanted disclosure of mental health, substance use disorder, HIV/STD, reproductive health, and gender affirmation services.

Comprehensive Documentation

MA PATCH Act - Protecting Access to Confidential Healthcare

Overview


The Massachusetts PATCH Act (M.G.L. Chapter 176O, Section 27) protects the privacy of individuals who receive sensitive healthcare services under someone else's health insurance plan by allowing them to request that billing information be sent directly to them rather than to the primary policyholder.

Signed into Law: July 2, 2018 (Chapter 135 of the Acts of 2018)
Effective Date: April 1, 2019
Last Updated: Active and in force

Legislative Authority

Statutory Citation


  • M.G.L. Chapter 176O, Section 27 - "Confidential communications for protected individuals"

  • Signed as Chapter 135 of the Acts of 2018


Official Name


"An Act to Protect Access to Confidential Healthcare" (PATCH Act)

Who Must Comply

Covered Entities (Massachusetts Insurers)


  • Health insurance carriers licensed in Massachusetts

  • Health Maintenance Organizations (HMOs)

  • Dental insurance plans

  • Vision insurance plans

  • All group and individual health insurance policies issued or renewed in MA after April 1, 2019


Protected Individuals (Who Can Request Confidential Communications)


  • Any individual covered under someone else's health insurance policy

  • Dependents on a parent's or spouse's policy

  • Adults covered under a family member's plan

  • Anyone seeking sensitive healthcare services who wants privacy from the policyholder


What the Law Protects

Sensitive Healthcare Services


The PATCH Act protects billing information for:

  1. Mental Health Services

- Psychotherapy and counseling
- Psychiatric treatment
- Behavioral health services
- Mental health evaluations

  1. Substance Use Disorder (SUD) Treatment

- Addiction treatment programs
- Detoxification services
- Medication-assisted treatment (MAT)
- Recovery support services

  1. Sexual and Reproductive Health

- Contraception services
- STD/STI testing and treatment
- HIV testing and treatment
- Pregnancy testing and services
- Reproductive health counseling

  1. Gender-Affirming Care

- Hormone therapy
- Gender transition services
- Mental health services for gender identity
- Related medical procedures

  1. Intimate Partner Violence Services

- Domestic violence counseling
- Sexual assault treatment
- Related support services

Protected Information

Billing Information Covered


The law protects:
  • Explanation of Benefits (EOB) statements

  • Itemized billing statements

  • Payment receipts

  • Claims information

  • Service descriptions

  • Provider names and specialties

  • Dates of service


What Gets Redirected


When a protected individual requests confidential communications:
  • All billing statements go directly to the protected individual

  • EOBs are sent to the protected individual's address

  • Electronic communications go to the protected individual's email

  • Phone calls about billing go to the protected individual's phone number


How to Exercise PATCH Rights

Step 1: Submit Request to Insurance Carrier


Protected individuals must:
  1. Contact their health insurance carrier (not the provider)

  2. Submit a written request for confidential communications

  3. Provide an alternative mailing address or email

  4. No reason or explanation required - request cannot be denied


Step 2: Insurance Carrier Obligations


Carriers must:
  1. Grant all requests - no discretion to deny

  2. Implement within reasonable timeframe

  3. Send billing information to alternative address

  4. NOT send sensitive billing to primary policyholder

  5. Maintain confidentiality


Step 3: Healthcare Provider Obligations


Providers must:
  1. Inform patients of PATCH Act rights

  2. Provide information on how to request confidential communications

  3. Direct patients to contact their insurance carrier

  4. Display notices in waiting rooms and on websites


Insurance Carrier Requirements

Mandatory Actions


Insurers MUST:
  • Grant all PATCH requests without requiring explanation

  • Redirect all billing communications to alternative address

  • Maintain confidentiality of protected individual's services

  • Not disclose to policyholder that a PATCH request was made

  • Update systems to accommodate confidential communications

  • Train staff on PATCH Act requirements

  • Inform members of PATCH Act rights in handbooks and websites


Prohibited Actions


Insurers CANNOT:
  • Deny a PATCH request for any reason

  • Require explanation for the request

  • Charge fees for confidential communications

  • Disclose PATCH request to primary policyholder

  • Send sensitive billing information to policyholder after PATCH request

  • Retaliate against protected individual

  • Discriminate in coverage based on PATCH request


Enforcement

Regulatory Authority


  • Massachusetts Division of Insurance (DOI) - Primary enforcement

  • Office of Consumer Affairs and Business Regulation (OCABR) - Oversight

  • Massachusetts Attorney General - Consumer protection enforcement


Enforcement Mechanisms


  1. Administrative Complaints to Division of Insurance

  2. Consumer Protection under M.G.L. Chapter 93A

  3. Insurance Law Violations under M.G.L. Chapter 176O

  4. Regulatory Actions by DOI against non-compliant carriers


Penalties


  • Chapter 176O violations: Administrative fines and sanctions by DOI

  • Chapter 93A violations: Multiple damages (up to 3x) + attorney's fees

  • License actions: DOI can suspend or revoke carrier licenses

  • Corrective actions: Required policy changes and member notifications


Relationship to Federal Law

HIPAA Coordination


The PATCH Act works alongside HIPAA:
  • HIPAA Privacy Rule already allows confidential communications requests

  • PATCH Act provides state-level insurance law requirements

  • Both laws protect patient privacy

  • PATCH focuses specifically on insurance billing privacy

  • Healthcare providers must comply with BOTH HIPAA and PATCH


Additional Protections Beyond HIPAA


PATCH Act provides:
  • Automatic grant of requests (no "reasonable" basis requirement)

  • Specific focus on EOB and billing statement privacy

  • State enforcement mechanisms through DOI

  • Consumer protection remedies under Chapter 93A


Implementation Guidance for Massachusetts Companies

For Health Insurance Carriers


  1. Update Member Handbooks

- Include PATCH Act rights explanation
- Provide instructions for requesting confidential communications
- List contact information for PATCH requests

  1. Train Customer Service Staff

- How to process PATCH requests
- Confidentiality requirements
- System updates needed

  1. Update IT Systems

- Alternative mailing address fields
- Automated EOB routing based on PATCH status
- Flags for protected individuals

  1. Create PATCH Request Forms

- Simple online and paper forms
- No reason/explanation fields
- Clear instructions

  1. Establish Processing Procedures

- Timeframe for implementing requests
- System updates and testing
- Quality assurance checks

For Healthcare Providers


  1. Display PATCH Act Notices

- Waiting rooms and exam rooms
- Patient intake forms
- Practice websites
- Patient portals

  1. Train Front Desk and Clinical Staff

- How to explain PATCH rights to patients
- Who to contact at insurance carriers
- How to handle patient questions

  1. Update Patient Education Materials

- Billing privacy information
- Insurance carrier contact information
- PATCH Act fact sheets

  1. Document Patient Education

- Note when PATCH rights were explained
- Provide written materials
- Document patient understanding

Massachusetts-Specific Context

Why PATCH Matters in Massachusetts


  • Massachusetts has strong privacy traditions in healthcare

  • Prevents "outing" of individuals seeking sensitive services

  • Protects LGBTQ+ individuals on parents' or spouses' insurance

  • Supports mental health treatment without stigma or disclosure

  • Enables SUD treatment without family knowing

  • Protects domestic violence survivors seeking care confidentially


Massachusetts Healthcare Landscape


  • Strong mental health and SUD treatment networks

  • Progressive LGBTQ+ healthcare access

  • Comprehensive reproductive health services

  • High rate of employer-sponsored insurance (family plans)

  • Young adults often remain on parents' plans until age 26


Related Massachusetts Laws


  • M.G.L. Chapter 111, Section 70E - HIV/AIDS confidentiality

  • M.G.L. Chapter 111E - Substance abuse treatment confidentiality

  • M.G.L. Chapter 123, Section 36A-B - Mental health records privacy

  • M.G.L. Chapter 93A - Consumer protection (enforcement)

  • 201 CMR 17.00 - Data security protections


Compliance Checklist for Massachusetts Insurers

  • [ ] Updated member handbooks to include PATCH Act rights

  • [ ] Created PATCH request forms (online and paper)

  • [ ] Trained customer service staff on PATCH processing

  • [ ] Updated IT systems to support alternative addresses

  • [ ] Established procedures for granting PATCH requests

  • [ ] Implemented EOB routing based on PATCH status

  • [ ] Tested billing systems to ensure confidentiality

  • [ ] Notified all members of PATCH Act rights

  • [ ] Updated website with PATCH information

  • [ ] Established compliance monitoring processes

  • [ ] Documented all PATCH requests and actions

  • [ ] Reviewed vendor contracts for PATCH compliance


Compliance Checklist for Massachusetts Healthcare Providers

  • [ ] Displayed PATCH Act notices in patient areas

  • [ ] Updated patient intake forms with PATCH information

  • [ ] Trained front desk staff on explaining PATCH rights

  • [ ] Created patient education materials

  • [ ] Updated practice website with PATCH information

  • [ ] Established process for directing patients to insurers

  • [ ] Documented patient education in records

  • [ ] Reviewed HIPAA policies for consistency with PATCH

  • [ ] Updated patient portals with PATCH information

  • [ ] Included PATCH in new patient orientation


Resources

Official Massachusetts Resources


  • Division of Insurance: https://www.mass.gov/orgs/division-of-insurance

  • PATCH Act Information: https://www.mass.gov/service-details/information-about-the-massachusetts-patch-act

  • Consumer Hotline: 617-521-7794 (DOI Consumer Services)

  • File a Complaint: https://www.mass.gov/how-to/file-a-complaint-with-the-division-of-insurance


Legal Authority


  • M.G.L. Chapter 176O, Section 27: https://malegislature.gov/Laws/GeneralLaws/PartI/TitleXXII/Chapter176O/Section27

  • Chapter 135 of 2018: https://malegislature.gov/Laws/SessionLaws/Acts/2018/Chapter135


Summary


The MA PATCH Act is Massachusetts' pioneering insurance billing privacy law that protects individuals from unwanted disclosure of sensitive healthcare services through insurance billing statements. It requires ALL Massachusetts health insurers to grant requests for confidential communications and provides state-level enforcement through the Division of Insurance and Attorney General.

Applicable Industries

Health InsuranceHealthcare ProvidersHealth Maintenance Organizations (HMOs)Dental and Vision Insurance

Company Size

All Massachusetts health insurers and healthcare providers regardless of size

Effective Date

4/1/2019

Penalties for Non-Compliance

Administrative fines and sanctions under M.G.L. Chapter 176O; Multiple damages under M.G.L. Chapter 93A (up to 3x damages + attorney's fees); License suspension or revocation by Division of Insurance

Massachusetts-Specific Requirements

The PATCH Act is a MASSACHUSETTS-SPECIFIC insurance billing privacy law. It applies to ALL health insurance policies issued or renewed in Massachusetts after April 1, 2019.

This law is unique to Massachusetts and protects individuals from unwanted disclosure of sensitive healthcare services through insurance Explanation of Benefits (EOB) statements sent to primary policyholders.

MA-Specific Enforcement: Division of Insurance (DOI) and Massachusetts Attorney General under Chapter 176O and Chapter 93A consumer protection laws.

Applicability to MA Companies: ALL Massachusetts health insurers, HMOs, dental plans, and vision plans must comply. Healthcare providers must inform patients of this right.

For Massachusetts Companies

This is a Massachusetts-specific regulation that applies to companies operating in or serving residents of Massachusetts. All applicable Massachusetts companies must comply.

Applicable Massachusetts Industries

Health InsuranceHealthcare Providers
Health Maintenance Organizations (HMOs)
Dental and Vision Insurance
View MA Compliance OverviewBrowse by Industry

Official Resources

Primary Source

https://malegislature.gov/Laws/GeneralLaws/PartI/TitleXXII/Chapter176O/Section27

Additional Official Sources

Enforcement Agency

Massachusetts Division of Insurance, Office of Consumer Affairs and Business Regulation, Massachusetts Attorney General