(1) The purpose of this subchapter is to establish uniform regulatory standards for health carriers and to create minimum standards for carriers to adopt policies and procedures that conform administrative, business, and operational practices to protect an enrollee's right to privacy and right to confidential health care services granted under state or federal laws.
(2) This subchapter applies to all health carriers except as otherwise expressly provided in this subchapter. Health carriers are responsible for compliance with the provisions of this subchapter and are responsible for the compliance of any person or organization acting on behalf of or at the direction of the carrier, or acting pursuant to carrier standards or requirements concerning the coverage of, payment for, or administration of health care benefits. A carrier may not offer as a defense to a violation of any provision of this subchapter that the violation arose from the act or omission of a participating provider or facility, network administrator, claims administrator, health care benefit manager, or other person acting on behalf of or at the direction of the carrier, or acting pursuant to carrier standards or requirements under a contract with the carrier rather than from the direct act or omission of the carrier.