NU Online News Service, Aug. 20, 2003, 6:02 p.m. EDT – Representatives for insurance trade groups say insurers still have some concerns about the way regulators will enforce the privacy requirements created by the Health Insurance Portability and Accountability Act of 1996 and the Gramm-Leach-Bliley Financial Services Modernization Act of 1999.
The trade groups could raise their concerns in Chicago in September, when the National Association of Insurance Commissioners, Kansas City, Mo., holds its fall meeting.
Bruce Ferguson, senior vice president-state relations with the American Council of Life Insurers, Washington, says differences in state privacy standards could interfere with efforts to create a national market conduct exam.
Some states combine health privacy standards with financial privacy standards, but others focus solely on financial privacy, Ferguson notes.
The ACLI also has concerns about the cost of compliance and the effects of requests for proprietary information.
A centralized company with one privacy policy might spend $30,000 to go through a privacy market conduct examination, but a decentralized company that lets each unit handle privacy separately might have to spend far more, Ferguson says.
Ferguson also has concerns about an NAIC privacy survey that includes questions about proprietary information, such as computer system security features. If regulators publish insurers’ descriptions of computer security features, the survey report “could be a blueprint to invasion of computer systems,” Ferguson warns.