LEXIS-NEXIS® Congressional Universe-Document

Search Terms: health information privacy, House or Senate or Joint

Document 8 of 45.

View Related Topics

June 14, 2000, Wednesday

SECTION: PREPARED TESTIMONY

LENGTH: 5307 words

HEADLINE: PREPARED TESTIMONY OF AMERICAN COUNCIL OF LIFE INSURERS

BEFORE THE HOUSE COMMITTEE ON BANKING AND FINANCIAL SERVICES

BODY:
I. INTRODUCTION

The American Council of Life Insurers (ACLI) is pleased to submit this statement on the Medical Financial Privacy Protection Act (H.R. 4585) to the House Committee on Banking and Financial Services. The ACLI is a national trade association whose 435 member companies represent approximately 73 percent of the life insurance and 87 percent of the long term care insurance in force in the United States. They also represent over 80 percent of the domestic pension business funded through life insurance companies and 71 percent of the companies that provide disability income insurance. The ACLI commends Chairman Jim Leach for calling a hearing on this important subject and for sponsoring this legislation.

II. ACLI POLICY POSITION

Life, disability income, and long term care insurers are well aware of the unique position of responsibility they have regarding an individual's personal medical and financial information. ACLI member companies are strongly committed to the principle that individuals have a legitimate interest in the proper collection and handling of their personal information and that insurers have an obligation to assure individuals of the confidentiality of that information. Toward this end, the ACLI Board of Directors has adopted policy in relation to confidentiality of medical and financial information. ACLI's Confidentiality of Medical Information Principles of Support and Confidentiality of Financial Information Principles Support are grounded in the industry's long history of dealing with highly sensitive information in a professional and appropriate manner. These principles also acknowledge the changing horizon of the financial marketplace. For example, where a bank and an insurer are affiliated, should a bank evaluating an application for a mortgage or credit be able to use medical information from the insurer indicating that a mortgage applicant has a history of heart disease? ACLI member companies strongly believe that the answer to that question - and similar ones - should be a resounding NO.

We support strict protections for medical record confidentiality, including a prohibition on an insurer sharing medical records with a financial company, such as a bank, for use in determining eligibility for a loan or other credit - even if the insurance company and the financial company are commonly owned. We also support a prohibition on the sharing of medical information by an insurer for marketing purposes. It is our policy that life, disability income, and long term care insurers should not share medical information for marketing purposes, for example, with pharmaceutical companies or drug stores. Copies of the ACLI Principles of Support are attached.

The very nature of life, disability income and long term care insurance involves personal and confidential relationships. These insurers must be able to obtain, use, and share their customers' personal health and financial information to perform legitimate insurance business functions. These functions are essential to insurers' ability to serve and meet their contractual obligations to their existing and prospective customers. ACLI member companies also believe that the sharing of information with affiliates and unaffiliated third parties generally increases efficiency, reduces costs, and makes it possible to offer economies and innovative products and services to consumers that otherwise would not be available.

LIFE, DISABILITY INCOME, AND LONG TERM CARE INSURANCE POLICIES

The fundamental purpose of life, disability income and long term care insurance is to provide financial security for individuals and families:

* Life insurance provides financial protection to beneficiaries in the event of the insured's death. Proceeds from a life insurance policy may help a surviving spouse pay a mortgage or send children to daycare or college.

* Disability income insurance replaces lost income when a person is unable to work due to injury or illness.

* Long term care insurance helps protect individuals and families from the financial hardships associated with the costs of services required for continuing care, for example, when someone suffers a catastrophic or disabling illness.

Every year America's life, disability income and long term care insurers enter into millions of insurance contracts. Those contracts represent the promises we keep to our policyholders.

III. USE OF PERSONAL HEALTH AND FINANCIAL INFORMATION BY LIFE, DISABILITY INCOME, AND LONG TERM CARE INSURERS

UNDERWRITING THE POLICY

When a consumer begins the search for a life, disability income, or long term care insurance product, he or she often begins by meeting with an insurer's sales representative. Generally, the sales representative will discuss with the individual his or her family's financial security and estate planning goals. If the consumer decides to apply for individually underwritten insurance, the sales representative will complete an application.

Many of the application questions concern nonmedical information, such as age, occupation, income, net worth, other insurance and beneficiary designations. Other questions focus on the proposed insured's health, including current medical condition and past illnesses, injuries and medical treatments. The sales representative also will ask the applicant to provide the name of each physician or practitioner consulted in connection with any ailment within a specified period of time (typically five years).

Up to this point in the process, the information the insurance company receives about the applicant has come directly from the applicant. Depending on his age and medical history and the amount of insurance applied for, the insurance company may require medical record information or additional financial information. When the sales representative takes the consumer's application for insurance, the agent also will ask him to sign a consent form authorizing the insurance company to verify and supplement the information about him, and to obtain additional information if it is needed to evaluate the application.

The medical information that insurance companies typically request of applicants includes routine measurements, such as height and weight, blood pressure, and cholesterol level. The insurer may also seek an evaluation of blood, urine or oral fluid specimens, including tests for tobacco or drug use or HIV infection. Medical tests are done only with the applicant's consent. Since life, disability income, and long term care insurance policies are long range financial products purchased to provide financial security, it is often necessary for the insurer to also assess and use personal financial information, such as occupation, income, net worth, assets, and estate planning goals.

The price of life, disability income, or long term care insurance is generally based on the proposed insured's gender, age, present and past state of health, possibly his or her job or hobby, and the type and amount of coverage sought. Life, disability income, and long term care insurers gather this information during the underwriting process. Based on this information, the insurer groups insureds into pools in order to share the financial risks presented by dying prematurely, becoming disabled or needing long term care.

This system of classifying proposed insureds by level of risk is called risk classification. It enables insurers to group together people with similar characteristics and to calculate a premium based on that group's level of risk. Those with similar risks pay the same premiums. The process of risk classification provides the fundamental framework for the current private insurance system in the United States. It is essential to insurers' ability to determine premiums which are adequate to pay future claims and fair relative to the risk posed by the proposed insured.

Some individuals are concerned that their medical record information will be used against them to deny or cancel coverage, or to increase premiums. In fact, underwriting and the process of risk classification, based in large part on medical record information, have made life, disability income and long term care insurance widely available and affordable: 95 percent of individuals who apply for life insurance are issued policies and 91 percent obtain it at standard or better rates.

Once a life, disability income, or long term care insurance policy is issued, it cannot be canceled for any reason except for nonpayment of premiums. Premiums for these types of coverage cannot be raised because an individual files a claim, or because an individual becomes ill after purchasing the policy. However, if an individual suffers from a serious medical problem at the time a life insurance policy is issued, the premium may be reduced in some cases when the insured's health improves. Also, although premiums for some disability income or long term care insurance policies may be increased based on macro- economic factors, they may never be increased on an individual basis. Disability income and long term care insurance premiums may only be increased for a whole block of policies, usually only to ensure that premiums are adequate to pay claims.

THE BUSINESS OF LIFE, DISABILITY INCOME, AND LONG TERM CARE INSURANCE

Once a life, disability income, or long term care insurer has an individual's personal health and financial information, the insurer limits who sees it. However, the insurer must use and share that information to perform legitimate, essential insurance business functions B to underwrite the applications of prospective customers, as described above, to administer and service existing contracts with consumers, and to perform related product or service functions. Life, disability income, and long term care insurers must disclose personal information in order to comply with various regulatory/legal mandates and in furtherance of certain public policy goals (such as the detection and deterrence of fraud). Activities in connection with ordinary proposed and consummated business transactions, such as reinsurance treaties and mergers and acquisitions, also necessitate insurers' sharing of personal information.

PERFORMANCE OF ESSENTIAL INSURANCE BUSINESS FUNCTIONS

Many insurers use affiliates or unaffiliated third parties to perform all or part of the essential, core functions associated with an insurance contract. It is quite common for these insurers to use affiliates or third parties to perform basic functions such as underwriting, claims evaluation, and policy administration. In addition, insurers also use third parties to perform important business functions, not necessarily directly related to a particular insurance contract, but essential to the administration or servicing of insurance policies generally, such as, for example, development and maintenance of computer systems.

Third parties, such as actuaries, employee benefits or other consultants, physicians, attorneys, auditors, investigators, translators, records administrators, third party administrators, and others are often used to perform business functions necessary to effect, administer, or enforce insurance policies or the related product or service business of which these policies are a part. Often these arrangements with affiliates or unaffiliated third parties provide the most efficient and economical way for an insurer to serve prospective and existing customers. The economies and efficiencies devolving from these relationships inure to the benefit of the insurer's customers.

If an individual were to be permitted to withhold consent for a life, disability income, or long term care insurer to share his or her personal information with an affiliate or a third party performing a core insurance business function for the insurer, it would be extremely difficult, if not impossible, for the insurer to provide that consumer with the coverage, service, benefits, or economies that otherwise would be available. For example, suppose an individual seeks life insurance coverage from an insurer which uses an affiliate or a third party to do its underwriting. If the individual withholds or subsequently withdraws consent for the insurer to divulge his personal health information, the insurer either cannot underwrite the policy because it does not have the internal capacity to do so or it must create a special system to accommodate this one individual.

DISCLOSURES PURSUANT TO REGULATORY/LEGAL MANDATES OR TO ACHIEVE CERTAIN PUBLIC POLICY GOALS

Life, disability income, and long term care insurers must regularly disclose personal health and financial information to: (1) state insurance departments as a result of their general regulatory oversight of insurers, which includes regular market conduct and financial examinations of insurers; (2) self-regulatory organizations, such as the Insurance Marketplace Standards Association (IMSA), which imposes and monitors adherence to requirements with respect to member insurers' conduct in the marketplace; and (3) state insurance guaranty funds, which seek to satisfy policyholder claims in the event of impairment or insolvency of an insurer or to facilitate rehabilitations or liquidations which typically require broad access to policyholder information. Any limitation on these disclosures would seem likely to operate counter to the underlying public policy reasons for which they were originally mandated B to protect consumers.

Life, disability income, and long term care insurers need to (and, in fact, in some states are required to) disclose personal information in order to protect against or to prevent actual or potential fraud. Such disclosures are made to law enforcement agencies, state insurance departments, the Medical Information Bureau (MIB), or outside attorneys or investigators, which work for the insurer. Any limitation on insurers' ability to make these disclosures would seem likely to undermine the public policy goal of reducing fraud, the costs of which are ultimately borne by consumers.

The continued ability to make disclosures to the MIB is essential to insurers' efforts to combat fraud, yet it often comes under attack. The purpose of the MIB is to reduce the cost of insurance by helping insurers detect (and deter) attempts by insurance applicants to conceal or misrepresent facts. A provision permitting individuals to withhold consent for insurers to make disclosures to the MIB would require the insurance industry to abandon this effort at combating fraud and abuse. It would be like asking a bank not to do a credit check before it issues a mortgage. The result would be higher costs for all consumers.

ORDINARY BUSINESS TRANSACTIONS

In the event of a proposed or consummated sale, merger, transfer, or exchange of all or a portion of an insurance company, it is often essential that the insurer be able to disclose company files. Naturally, these files can contain personal information. Such disclosures are often necessary to the due diligence process which takes place prior to consummation of the deal and are clearly necessary once the deal is completed when the newly created entity often must use policyholder files in order to conduct business.

Insurers also frequently enter into reinsurance contracts in order to, among other things, increase the amount and volume of coverage they can provide. These arrangements often necessitate the disclosure of personal information by the primary insurer to the reinsurer. Depending on the particular reinsurance treaty, this might happen because the reinsurer: (1) wishes to examine the ceding insurer's underwriting practices; (2) actually assumes responsibility for underwriting all or part of the risk; or (3) administers claims.

If an individual insured were to be permitted to withhold or withdraw consent for an insurer to disclose personal information in situations where the sharing of that individual's file is necessary to a merger, acquisition, or reinsurance arrangement, that individual could hold hostage or prevent a transaction likely to benefit hundreds, or possibly thousands, of other policyholders. This would deprive other policyholders of the economies and product opportunities for which the transaction was originally sought.

IV. SPECIFIC COMMENTS ON H.R. 4585

As you know, Title V of the Gramm-Leach-Bliley (GLB) Financial Services Modernization Act signed into law last year provides American consumers with the most comprehensive financial privacy protections in the nation's history. Under the GLB Act:

Every financial institution is required to disclose to consumers its policy and practices designed to protect the confidentiality and security of personal financial information at the start of a business relationship, and at least once each year for the remainder of the relationship.

Every financial institution is prohibited from disclosing account numbers to unrelated third parties for use in direct marketing, telemarketing, or marketing through e-mail to consumers.

Consumers have the legal right to say no or to opt-out of the disclosure, transfer or sale of their personal financial information to unrelated third parties, unless the disclosure is to a service provider, pursuant to a joint agreement between financial institutions, or for an ordinary business purpose.

It a federal crime to obtain private personal information from a financial institution under false pretenses.

We appreciate that the bill under consideration today follows the framework of the GLB Act. It appropriately seeks to balance consumers' confidentiality requirements with financial institutions' need to disclose medical information, like financial information, in order to perform ordinary business functions. However, we believe that the bill fails to achieve this balance. We are concerned about several provisions of the legislation.

GLB ACT EXEMPTIONS

The bill fails to include several of the key GLB Act exemptions. GLB Act Section 502(b)(2) provides an exemption for financial institutions' disclosures to nonaffiliated third party service providers. Section 502(e) exempts disclosures to nonaffiliated third parties performing ordinary business functions for the financial institution. It is absolutely critical that the same exemptions be provided with respect to disclosures of individually identifiable health information as have been provided with respect to disclosures of financial information. Otherwise, insurers' ability to service their existing and prospective customers will be significantly jeopardized.

The bill does not provide an exemption for disclosures by a financial institution to nonaffiliated third parties performing services for, or functions on behalf of, the financial institution. As a result, every day communications between an insurer and its third party contractor agents would be hindered. These communications are often essential to an agent's ability to best advise a prospective customer with respect to which insurance policy (or policies) may be best for his or her particular circumstances.

The bill also fails to follow the GLB Act by not including exemptions for disclosures to state guaranty funds or disclosures governed by the federal Fair Credit Reporting Act (FCRA). It would seem to be contrary to the public interest to hinder disclosures to state guaranty funds which seek to pay consumers' claims in the event of insurer insolvencies. Moreover, given the GLB Act's explicit language preserving the FCRA, it is unclear why the GLB Act exemption for disclosures governed by this Act has not been included.

In view of the above, the ACLI strongly urges that the bill be amended to include all the GLB Act exemptions. In this event, the bill still would address consumers' confidentiality concerns relating to their individually identifiable health information without unnecessarily jeopardizing insurers' ability to best serve consumers which come to them for insurance products and services.

RIGHTS TO ACCESS, CORRECT, AND AMEND

Section 2(c) of the bill would grant consumers an extremely broad right to access and correct individually identifiable health information held by financial institutions. The bill fails to clearly protect from this access information compiled in anticipation of or in connection with an investigation of fraud or material misrepresentation. It also fails to clearly protect information gathered in connection with legal proceedings. This would seem to be counter to the public interest. The ACLI strongly urges amendment to clarify and appropriately limit this access to that which meets consumers' legitimate needs and concerns without needlessly jeopardizing a number of public policy goals.

SPECIAL REQUIREMENT TO PROTECT MENTAL HEALTH INFORMATION

The bill provides special protection for mental health information. Section 3(a)(3)(A) requires that the regulations issued to carry out this Act include special policies and procedures to protect the confidentiality of mental health information. We are concerned that requiring special procedures

with regard to mental health information will result in the segregation of this information that could jeopardize a life, disability income, or long term care insurer's access to this information. Insurers must be able to access medical information relevant to the underwriting and claims processes. Without access to relevant medical information existing at the time of application, the insurer cannot accurately calculate risk. This could result in premiums that do not fairly reflect the level of risk presented by individuals, resulting in adverse selection. Similarly, without access to relevant medical information during the claims evaluation process, an insurer will have no way to determine its obligation under an existing insurance contract.

Section 2(a), amending the Gramm-Leach-Bliley Act at 502(A)(d) requires a separate and specific consent for mental health information. A major objective of the proposed legislation is to provide individuals with greater control over their protected health information. This can be achieved without imposing unnecessary burdens on the financial institutions that would be governed by the Act. Given adequate notice regarding mental health information, there is no reason to require a separate authorization for this medical information. Mental illnesses are real, diagnosable, and treatable. The rules governing the privacy of medical information should apply equally to all medical information. Thus, the ACLI strongly urges that the bill be amended to delete the proposed requirements for special policies and procedures and separate consent in relation to mental health information.

PREEMPTION

The ACLI supports the principle that in the event federal medical privacy legislation is considered by Congress, that legislation should preempt related state laws. Life, disability income and long term care insurers engage in interstate commerce C their customers should know that health information disclosed by these entities is governed by the same standards of protection, regardless of their location. This bill, unlike the comprehensive medical information privacy bills, deals exclusively with financial institutions. The issues surrounding preemption that stalled the debate on comprehensive legislation, including the possible preemption of state parental notification laws, do not exist in this legislation. Thus, there is no reason for this bill not to clearly preempt state laws in this area.

V. CONCLUSION

It is imperative that any debate in relation to medical records privacy be thoughtful and not political. We have grave doubt that thoughtful debate is possible at this time in the highly politicized environment of an election year. Any legislation in relation to this issue must reflect a careful balance of consumers' confidentiality concerns with consumers' insurance needs.

No medical records privacy bill should jeopardize the current life, disability income, and long term care insurance marketplace which meets consumers' insurance needs. No medical records privacy bill should jeopardize insurers' ability to underwrite, process claims, and perform other core or ordinary insurance business functions.

We appreciate that certain provisions, found in the comprehensive health information privacy bills, which could significantly jeopardize the current life, disability income or long term care insurance marketplace, have not been included in this measure which focuses exclusively on financial institutions. We strongly urge that the exceptions outlined in the GLB Act that were not included in this legislation be restored. Finally, we also strongly urge you not to raise issues that have been divisive in other medical privacy debates, namely third party liability issues under a business partners concept, and excessive damages awards, including punitive damages.

Again, the ACLI greatly appreciates your leadership, Chairman Leach, on this issue so important to American consumers and those who serve them. This industry has a long history of dealing with medical information in an appropriate, confidential fashion. Over the past 200 years, we've earned the trust of our customers. And we intend to keep it.

Confidentiality of Financial Information

Principles of Support

Life insurers provide financial security for millions of Americans through life, long-term care, and disability income insurance and annuities. To enable companies to provide products that meet an individual's or family's unique needs, insurers ask questions and collect financial information.

Life, disability income and long-term care insurers recognize consumers are concerned about revealing financial information. They want to know how the information will be used and who will have access to it. Life insurers should have policies and practices that address these concerns and protect confidentiality.

Insurance companies strongly support the following principles, which require financial information to be treated confidentially.

Separate Principles for Medical and Financial Information

Life insurers recognize that customers have special concerns regarding medical information. Therefore, insurers have separate policies and practices for securing the confidentiality of medical information.

Strict Policies and Practices to Protect Financial Information

An insurer will have policies and practices in force to protect the confidentiality and security of financial information. These policies and practices are designed to protect the information from unauthorized access and use so that customers are not substantially harmed or inconvenienced.

Customer Notification of Confidentiality and Security Policies

Customers will be notified of the policies and practices an insurer follows to protect the confidentiality and security of their financial information. The insurer will give customers a notice of its policies and practices before or at the time a contract is issued, and after that on an annual basis, for as long as the contract is in force.

Customer Access to Financial Information

Upon request, customers are entitled to have access and correction rights to their financial information collected in connection with an application for life, disability income, and long-term care insurance and annuities.

Limitations on Sharing Financial Information

An insurer may share financial information to issue contracts and to administer and service its business. For example, an insurer may share financial information to facilitate paying claims, provide consolidated financial statements of a customer's accounts, prevent fraud, or comply with the law.

An insurer may share financial information only with organizations that are subject to the same restrictions on information sharing as the insurer.

Strict Rules on Sharing Financial Information for Marketing Purposes

An insurer's notice of policies and practices about financial information will inform customers that the information may be shared for marketing products and services consumers may find useful. For example, an insurer may share financial information within its corporate family, with a financial institution with which it has a joint agreement, or with an organization responsible for marketing the insurer's products and services.

The insurer will give customers the opportunity to direct that financial information not be shared if the products and services being marketed are not offered through the insurer's corporate family, through a joint agreement with another financial institution, or by an organization marketing the insurer's products and services.

Confidentiality of Medical Information

Principles of Support

Life, long-term care and disability income insurance companies recognize an individual's medical information is personal, sensitive and must be protected. Companies have policies and practices in place to protect the confidentiality and security of an individual's medical information, and individuals have a right to have information about those policies and practices.

Insurance companies strongly support the following principles, which require individually identifiable medical information to be treated confidentially.

Strict Restrictions on Obtaining Medical Information

* Medical information will not be collected without an individual's authorization in connection with an application for life, long-term care and disability income insurance.

Strict Ban on Sharing Medical Information for Marketing

* Medical information will not be shared for marketing purposes.

Strict Ban on Sharing Medical Information with Other Financial Companies

* Under no circumstances will an insurance company share an individual's medical information with a financial company, such as a bank, in determining eligibility for a loan or other credit B even if the insurance company and the financial company are commonly owned.

Strict Restrictions on Disclosing Medical Information

* Any disclosure of medical information without an individual's permission will be made only in limited circumstances as authorized or required by law. For example, information may be disclosed to facilitate paying claims, and to state insurance commissioners enforcing consumer protection laws.

* Disclosures of medical information will contain only the information authorized by the individual or authorized or required by law. The recipient of the information should be subject to the same confidentiality standards as the insurance company.

* The insurance company must inform an individual, upon request, what medical information has been disclosed and to whom it has been disclosed.

* An individual may sue for actual damages if an insurance company improperly discloses personal medical information.

Strict Confidentiality Policies and Practices

* Life, long-term care and disability income insurance companies must document their confidentiality policies and practices, and adopt internal operating procedures to restrict access to medical information.

* An individual is entitled to receive information describing the insurance company's medical information confidentiality policies and practices.

* Upon request, an individual is entitled to access medical information collected in connection with an application for life, long-term care and disability income insurance and to obtain correction of inaccurate medical information.

Uniform Confidentiality Protection

* State legislation seeking to implement these principles should be uniform. Any federal legislation seeking to implement the principles should preempt all state requirements relating to the confidentiality of medical information.

END

LOAD-DATE: June 22, 2000

Document 8 of 45.


Search Terms: health information privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase: