As introduced: - Establishes deadlines for prior authorization decisions and requires that a denial initiated by an automated decision system be reviewed by a board-certified specialist. - Requires health plans to cover telehealth services at parity with in-person services and to maintain a public, up-to-date directory of in-network providers. - Prohibits managed care plans from denying coverage for emergency services based on retrospective review and prohibits retaliation against providers for filing complaints. - Creates new data security standards. Requires that before offshoring data, entities must attest to the regulator that overseas subcontractors meet specified security safeguards, and are subject to random audits and documentation requests. - Requires a 72-hour data breach notification requirement and commissioner oversight of offshored enrollee data. - Expands the insurance commissioner's authority to audit and penalize noncompliant health carriers and requires public reporting on claim denials, automated system usage, and data breaches.
| Date | Chamber | Action |
|---|---|---|
Jan 26, 2026 | S | Referred to HHS, CPN. |
Jan 21, 2026 | S | Introduced and passed First Reading. |
Jan 14, 2026 | S | Pending Introduction. |
| Last Action | Jan 26, 2026 |
| Year | 2025 |
| Bill Type | Bill |
| Created | Jan 20, 2026 |
| Updated | Jan 27, 2026 |