BILL NUMBER: S2393
SPONSOR: PERSAUD
 
TITLE OF BILL:
An act to amend the general business law, in relation to prohibiting
hospitals and health care providers from storing credit card information
without consent
 
PURPOSE OR GENERAL IDEA OF BILL:
The purpose of this legislation is to safeguard consumer's credit card
information from being stored and subsequently charged by hospitals and
health care providers without the consumer's consent.
 
SUMMARY OF PROVISIONS:
Section 1 adds a new subdivision 4 to Section 519-a of the general busi-
ness law stating that no hospital or health care provider shall keep a
credit card on file without obtaining a signature from the patient.
Additionally, it adds that patients should be notified in writing, using
twelve-point font or larger, at the time of paying for any services with
a credit card if the credit card information will be kept on file and if
such credit card information will be used to pay any balances on the
account.
Section 2 sets the bill's effective date.
 
JUSTIFICATION:
Most medical practices and providers store patient's credit card infor-
mation in their records as a part of their personal identifiable infor-
mation (PHI). This is sometimes an automatic action that the patient may
or may not have authorized.
This bill would mitigate issues with unauthorized transactions on a
patient's credit card by ensuring the patient is aware of and has agreed
to having their credit card information stored by their provider.
 
PRIOR LEGISLATIVE HISTORY:
New legislation.
 
FISCAL IMPLICATIONS:
None
 
EFFECTIVE DATE:
This act shall take effect on the ninetieth day after it shall have
become law. Effective immediately, the addition, amendment and/or repeal
of any rule or regulation necessary for the implementation of this act
on its effective date are authorized to be made and completed on or
before such effective date.

Statutes affected:
S2393: 519-a general business law