Experts with the National Association of Health Underwriters are recommending that health insurance agents begin preparing immediately to comply with the new state and federal financial privacy standards.
Some state insurance regulators may go easier on insurance agencies than others, but Jessica Waltman, NAHUs manager of health policy, advised agents here for the Arlington, Va.-based trade groups annual convention that they should comply with the tougher states standards.
“There are tons and tons of lawyers just looking for someone to sue,” Waltman said. “God forbid that any of you be the example.”
Congress called for the development of health privacy standards in the Health Insurance Portability and Accountability Act of 1996.
Federal regulators appear to be months away from final adoption of the HIPAA health privacy regulation, according to Janet Stokes Trautwein, NAHUs director of federal policy analysis.
Many states are waiting for final approval of the HIPAA health privacy standards before adopting final health privacy standards of their own, Trautwein said.
Congress included federal financial privacy standards in the Gramm-Leach-Bliley Financial Services Modernization Act of 1999.
The federal financial information standards, which states are already starting to implement, do apply to health insurance agents, because the rules protect almost everything in a customers insurance records, including the customers home telephone number, Waltman said.
The financial privacy law applies to financial institutions, and it “clearly defines producers as financial institutions,” Waltman said.
Both the health and the financial privacy standards require companies to notify customers about their privacy rights.
When companies are protecting health information, they must persuade customers to “opt in” to any information-sharing arrangements. When financial institutions are protecting financial information, they can require customers to “opt out” of information-sharing arrangements, speakers said.
Financial institutions do not have to get customers to sign opt-out forms to share financial information for purposes such as handling transactions clients have requested, preventing fraud, or meeting insurance commissioners requests for information, Waltman said.
Because each state must develop its own guidelines for implementing the financial privacy rules, multistate financial institutions may find themselves struggling to comply with many different privacy standards, Waltman said.
Some insurance commissioners, for example, want to exempt normal insurance agencies from the rules requiring regular privacy disclosure mailings, but other commissioners do not want to exempt agencies, Waltman reported.
NAHU and its legal advisors have developed a guide that offers descriptions of each states financial privacy standards.
For now, NAHU is recommending that agents in all states avoid sharing information about customers for non-business purposes. It is also recommending that agents send annual privacy disclosure notices to customers; send new notices whenever privacy policies change; keep careful records of disclosure mailings; and guard against sharing protected financial information except when customers have signed the necessary release forms.
Waltman suggested that agents might be able to get some benefit for themselves from the disclosure mailings by including marketing literature along with the privacy disclosure notices.
Reproduced from National Underwriter Life & Health/Financial Services Edition, July 13, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.