Copyright 1999 Federal Document Clearing House, Inc.
Federal Document Clearing House Congressional Testimony
July 21, 1999
SECTION: CAPITOL HILL HEARING TESTIMONY
LENGTH: 5979 words
HEADLINE:
TESTIMONY July 21, 1999 ROBERTA MEYER HOUSE BANKING AND
FINANCIAL SERVICES FINANCIAL INSTITUTIONS AND CONSUMER CREDIT UNIONS FINANCIAL
PRIVACY
BODY:
Testimony of the AMERICAN COUNCIL OF
LIFE INSURANCE Before the HOUSE COMMITTEE ON BANKING AND FINANCIAL SERVICES
SUBCOMMITTEE ON FINANCIAL INSTITUTIONS AND CONSUMER CREDIT On Emerging Privacy
Issues Presented By Roberta Meyer Senior Counsel June 21, 1999 2128 Rayburn
House Office Building INTRODUCTION Chairwoman Roukema and members of the
subcommittee, I am Roberta Meyer, Senior Counsel at the American Council of Life
Insurance (ACLI). The ACLI is a national trade association with 493 member life
insurance companies representing approximately 77 percent of the life, 81
percent of the disability income, and 88 percent of the long term care insurance
in force in the United States. The ACLI very much appreciates being given the
opportunity to present its views on emerging privacy issues related to the
sharing of personal medical and financial information by life, disability
income, and long term care insurers. These issues are critically important to
ACLI member companies as well as to their customers. The very nature of the
life, disability income and long term care insurance businesses involves
personal and confidential relationships. The ACLI is here today because these
insurers must be able to obtain, use, and share their customers' personal health
and financial information to perform legitimate insurance business functions.
These functions are essential to insurers' ability to serve and meet their
contractual obligations to their existing and prospective customers. ACLI member
companies also believe that the sharing of information with affiliates and
unaffiliated third parties generally increases efficiency, reduces costs, and
makes it possible to offer economies and innovative products and services to
consumers that otherwise would not be available. ACLI POLICY POSITION Life,
disability income, and long term care insurers are well aware of the unique
position of responsibility they have regarding an individual's personal medical
and financial information. ACLI member companies are strongly committed to the
principle that individuals have a legitimate interest in the proper collection
and handling of their personal information and that insurers have an obligation
to assure individuals of the confidentiality of that information. Last year, the
ACLI Board of Directors adopted a series of "Confidentiality of Medical
Information Principles of Support" based on this concept. (They are attached for
your review.) As an industry, life, disability income, and long term care
insurers have a long history of dealing with highly sensitive personal
information, both medical and financial, in a professionally appropriate manner.
We are proud of our record as custodians of this information. The ACLI policy
position regarding the protection of personally identifiable information is
reflected in our long-standing support of the National Association of Insurance
Commissioners (NAIC) Insurance Information and Privacy Protection Model Act
(NAIC Model Act), enacted in 19 states. The ACLI believes this model strikes a
proper balance between the legitimate expectations of consumers concerning the
treatment of information that insurers obtain about them and the obligation of
insurers to use personal information responsibly. Among other things, it
requires that insurers provide a notice of information practices, outlines the
content of disclosure authorization forms, imposes limitations and conditions on
the disclosure of information and provides a process by which individuals can
access, correct, and amend information about them. Many, if not most, ACLI
member companies doing business in at least one state which has enacted the NAIC
Model Act adhere to its requirements in all states in which they do business.
LIFE, DISABILITY INCOME, AND LONG TERM CARE INSURANCE POLICIES The fundamental
purpose of life, disability income and long term care insurance is to provide
financial security for individuals and families: Life insurance provides
financial protection to beneficiaries in the event of the insured's death.
Proceeds from a life insurance policy may help a surviving spouse pay a mortgage
or send children to daycare or college. Disability income insurance replaces
lost income when a person is unable to work due to injury or illness. Long term
care insurance helps protect individuals and families from the financial
hardships associated with the costs of services required for continuing care,
for example, when someone suffers a catastrophic or disabling illness. Every
year America's life, disability income and long term care insurers enter into
millions of insurance contracts. Those contracts represent the promises we keep
to our policyholders. USE OF PERSONAL HEALTH AND FINANCIAL INFORMATION BY LIFE,
DISABILITY INCOME, AND LONG TERM CARE INSURERS UNDERWRITING THE POLICY When a
consumer begins the search for a life, disability income, or long term care
insurance product, he or she usually begins by meeting with an insurer's sales
representative. Generally, the sales representative will discuss with the
individual his or her family's financial security and estate planning goals. If
the consumer decides to apply for individually underwritten insurance, the sales
representative will complete an application. Many of the application questions
concern nonmedical information, such as age, occupation, income, net worth,
other insurance and beneficiary designations. Other questions focus on the
proposed insured's health, including current medical condition and past
illnesses, injuries and medical treatments. The sales representative also will
ask the applicant to provide the name of each physician or practitioner
consulted in connection with any ailment within a specified period of time
(typically five years). Up to this point in the process, the information the
insurance company receives about the applicant has come directly from the
applicant. Depending on his age and medical history and the amount of insurance
applied for, the insurance company may require medical record information or
additional financial information. When the sales representative takes the
consumer's application for insurance, he or she also will ask him to sign a
consent form authorizing the insurance company to verify and supplement the
information about him, and to obtain additional information if it is needed to
evaluate the application. The medical information that insurance companies
typically request of applicants includes routine measurements, such as height
and weight, blood pressure, and cholesterol level. The insurer may also seek an
evaluation of blood, urine or oral fluid specimens, including tests for tobacco
or drug use or HIV infection. Medical tests are done only with the applicant's
consent. Since life, disability income, and long term care insurance policies
are long range financial products purchased to provide financial security, it is
often necessary for the insurer to also assess and use personal financial
information, such as occupation, income, net worth, assets, and estate planning
goals. The price of life, disability income, or long term care insurance is
generally based on the proposed insured's gender, age, present and past state of
health, possibly his or her job or hobby, and the type and amount of coverage
sought. Life, disability income, and long term care insurers gather this
information during the underwriting process. Based on this information, the
insurer groups insureds into pools in order to share the financial risks
presented by dying prematurely, becoming disabled or needing long term care.
This system of classifying proposed insureds by level of risk is called risk
classification. It enables insurers to group together people with similar
characteristics and to calculate a premium based on that group's level of risk.
Those with similar risks pay the same premiums. The process of risk
classification provides the fundamental framework for the current private
insurance system in the United States. It is essential to insurers' ability to
determine premiums which are adequate to pay future claims and fair relative to
the risk posed by the proposed insured. Some individuals are concerned that
their medical record information will be "used against them" to deny or cancel
coverage, or to increase premiums. In fact, underwriting and the process of risk
classification, based in large part on medical record information, have made
life, disability income and long term care insurance widely available and
affordable: 95 percent of individuals who apply for life insurance are issued
policies and 91 percent obtain it at standard or better rates. Once a life,
disability income, or long term care insurance policy is issued, it cannot be
canceled for any reason except for nonpayment of premiums. Premiums for these
types of coverage cannot be raised because an individual files a claim, or
because an individual becomes ill after purchasing the policy. However, if an
individual suffers from a serious medical problem at the time a life insurance
policy is issued, the premium may be reduced in some cases when the insured's
health improves. Also, although premiums for some disability income or long term
care insurance policies may be increased based on macro-economic factors, they
may never be increased on an individual basis. Disability income and long term
care insurance premiums may only be increased for a whole block of policies,
usually only to ensure that premiums are adequate to pay claims. THE BUSINESS OF
LIFE, DISABILITY INCOME, AND LONG TERM CARE INSURANCE Once a life, disability
income, or long term care insurer has an individual's personal health and
financial information, the insurer limits who sees it. However, the insurer must
use and share that information to perform legitimate, essential insurance
business functions - to underwrite the applications of prospective customers, as
described above, to administer and service existing contracts with consumers,
and to perform related product or service functions. Life, disability income,
and long term care insurers must disclose personal information in order to
comply with various regulatory/legal mandates and in furtherance of certain
public policy goals (such as the detection and deterrence of fraud). Activities
in connection with ordinary proposed and consummated business transactions, such
as reinsurance treaties and mergers and acquisitions, also necessitate insurers'
sharing of personal information. PERFORMANCE OF ESSENTIAL INSURANCE BUSINESS
FUNCTIONS Many insurers use affiliates or unaffiliated third parties to perform
all or part of the essential, core functions associated with an insurance
contract. It is quite common for these insurers to use affiliates or third
parties to perform basic functions such as underwriting, claims evaluation, and
policy administration. In addition, insurers also use third parties to perform
important business functions, not necessarily directly related to a particular
insurance contract, but essential to the administration or servicing of
insurance policies generally, such as, for example, development and maintenance
of computer systems. Third parties, such as actuaries, employee benefits or
other consultants, physicians, attorneys, auditors, investigators, translators,
records administrators, third party administrators, and others are often used to
perform business functions necessary to effect, administer, or enforce insurance
policies or the related product or service business of which these policies are
a part. Often these arrangements with affiliates or unaffiliated third parties
provide the most efficient and economical way for an insurer to serve
prospective and existing customers. The economies and efficiencies devolving
from these relationships inure to the benefit of the insurer's customers. If an
individual were to be permitted to withhold consent or to "opt out" of a life,
disability income, or long term care insurer's right to share his or her
personal information with an affiliate or a third party performing a core
insurance business function for the insurer, it would be extremely difficult, if
not impossible, for the insurer to provide that consumer with the coverage,
service, benefits, or economies that otherwise would be available. For example,
suppose an individual seeks life insurance coverage from an insurer which uses
an affiliate or a third party to do its underwriting. If the individual
subsequently withholds consent or "opts out" of the insurer's right to divulge
his personal health information, the insurer either cannot underwrite the policy
because it does not have the internal capacity to do so or it must create a
special system to accommodate this one individual. Suppose an insured under an
existing life insurance policy withholds consent or "opts out" of the insurer's
right to use or divulge his personal health and financial information, and the
life insurer uses an affiliate or a third party to process policy loans or
claims. The life insurer will either not be able to process a loan request or
claim submitted by that individual or, again, will have to create a special
system to accommodate that individual. If the life insurer has a third party
computer company work on its computer system, it will not be able to give the
computer company access to that individual's file which needs to be part of the
system. If the individual wants to assign his policy as collateral for a loan,
the insurer will not be able to share the individual's file with the prospective
creditor, significantly jeopardizing the individual's ability to get the loan.
In sum, insurers' ability to conduct core insurance business operations may not
be subject to an "opt-out" provision without significantly impairing, if not
totally undermining, their ability to do business with individuals who choose to
"opt- out". DISCLOSURES PURSUANT TO REGULATORY/LEGAL MANDATES OR TO ACHIEVE
CERTAIN PUBLIC POLICY GOALS Life, disability income, and long term care insurers
must regularly disclose personal health and financial information to: (1) state
insurance departments as a result of their general regulatory oversight of
insurers, which includes regular market conduct and financial examinations of
insurers; (2) self- regulatory organizations, such as the Insurance Marketplace
Standards Association (IMSA), which imposes and monitors adherence to
requirements with respect to member insurers' conduct in the marketplace; and
(3) state insurance guaranty funds, which seek to satisfy policyholder claims in
the event of impairment or insolvency of an insurer or to facilitate
rehabilitations or liquidations which typically require broad access to
policyholder information. Any limitation on these disclosures would seem likely
to operate counter to the underlying public policy reasons for which they were
originally mandated - to protect consumers. Life, disability income, and long
term care insurers need to (and, in fact, in some states are required to)
disclose personal information in order to protect against or to prevent actual
or potential fraud. Such disclosures are made to law enforcement agencies, state
insurance departments, the Medical Information Bureau (MIB), or outside
attorneys or investigators, which work for the insurer. Any limitation on
insurers' right to make these disclosures would seem likely to undermine the
public policy goal of reducing fraud, the costs of which are ultimately borne by
consumers. The continued right to make disclosures to the MIB is essential to
insurers' efforts to combat fraud, yet it often comes under attack. The purpose
of the MIB is to reduce the cost of insurance by helping insurers detect (and
deter) attempts by insurance applicants to conceal or misrepresent facts. As
part of the application process, consumers receive a written notice which
describes the MIB and its functions. No information can go to the MIB unless an
individual: (1) is applying for an individually underwritten insurance policy;
and (2) has received a notice that information MIGHT be sent to the MIB. Only a
company that underwrites life, health, long term care insurance or disability
income insurance may be a member of the MIB. Out of every 100 applications,
information is only sent to the MIB in maybe 15 to 20 cases. It is sent in an
encrypted fashion. Also, individuals can access and amend information MIB has
about them. Corrections to information are usually completed within 30 days. MIB
records are purged after 7 years. Insurance company members of MIB will only
request information regarding an individual applicant from MIB after the
applicant has signed an authorization. Again, member insurers may have access to
MIB information only after receiving the individual's authorization. A provision
permitting individuals to withhold consent or to "opt- out" of an insurer's
right to make disclosures to the MIB would require the insurance industry to
abandon this effort at combating fraud and abuse. It would be like asking a bank
not to do a credit check before it issues a mortgage. The result would be higher
costs for all consumers. ORDINARY BUSINESS TRANSACTIONS In the event of a
proposed or consummated sale, merger, transfer, or exchange of all or a portion
of an insurance company, it is often essential that the insurer be able to
disclose company files. Naturally, these files can contain personal information.
Such disclosures are often necessary to the due diligence process which takes
place prior to consummation of the deal and are clearly necessary once the deal
is completed when the newly created entity often must use policyholder files in
order to conduct business. Insurers also frequently enter into reinsurance
contracts in order to, among other things, increase the amount and volume of
coverage they can provide. These arrangements often necessitate the disclosure
of personal information by the primary insurer to the reinsurer. Depending on
the particular reinsurance treaty, this might happen because the reinsurer: (1)
wishes to examine the ceding insurer's underwriting practices; (2) actually
assumes responsibility for underwriting all or part of the risk; or (3)
administers claims. If an individual insured were to be permitted to withhold
consent or to "opt-out" of an insurer's right to disclose personal information
in situations where the sharing of that individual's file is necessary to a
merger, acquisition, or reinsurance arrangement, that individual could hold
hostage or prevent a transaction likely to benefit hundreds, or possibly
thousands, of other policyholders. This would deprive other policyholders of the
economies and product opportunities for which the transaction was originally
sought. MEDICAL PRIVACY PROVISIONS IN H.R. 10 The medical privacy provisions of
H.R.10, as passed by the House of Representatives, while arguably not perfect,
appropriately balance individuals' legitimate interest in the proper collection
and handling of their personal health information with insurers' essential need
to use and disclose that information necessary to perform legitimate, core
insurance business functions, to fulfill legal mandates, and to achieve certain
laudable public policy goals. These provisions do not represent all the medical
privacy protections that some might consider appropriate. However, they are not
intended to be comprehensive or to be the "final" answer to medical records
privacy. In fact, the language specifically states that these provisions will
sunset when an omnibus medical records statute is enacted which satisfies the
requirements of the Health Insurance Portability and Accountability Act of 1996
(HIPAA). These provisions do not take away the Secretary's authority to
promulgate regulations on health information privacy, granted
in HIPAA. Furthermore, the Secretary's authority goes beyond the entities
covered in this bill ---- for example, to doctors and hospitals. The ACLI is
supportive of a totally preemptive, omnibus federal approach to medical records
confidentiality that would permit insurers to perform legitimate insurance
functions essential to their ability to serve and meet their contractual
obligations to consumers. A federal statute that outlines a broadly preemptive
set of specific standards to protect personal health information, and remedies
for breach of those standards, will respond to the American public's concern
about the confidentiality of their health information. Setting a national,
uniform standard for health information is fundamental to the debate relating to
medical privacy. Consumers would know that they were protected by the same,
strong health information privacy law, regardless of their
address. Also, life insurance, disability income, and long term care insurers
engaged in business across the country would have a single standard to
facilitate the industry's ability to provide financial security to individuals
and their families in the most efficient, economical and innovative way
possible. Although the H.R.10 medical privacy provisions do not provide a
comprehensive approach to this issue, the ACLI believes that they represent a
good "first step" and provide privacy protection that does not currently exist
under federal law. It is important to recognize that these provisions restrict
disclosures of customer "health and medical and genetic information" which the
insurance company has generally obtained either directly from the individual or
pursuant to the individual's authorization. The provisions require the
individual's consent (or an "opt-in") in order for an insurer to disclose this
information unless the disclosure is being made for limited, legitimate
insurance business purposes. EXPLANATION OF EXCEPTIONS TO THE CONSENT
REQUIREMENT The exceptions to the consent (or "opt-in") requirement provide for
disclosures of medical information which are made in connection with the
performance of ordinary, legitimate insurance business functions. They
appropriately reflect insurers' need to share medical information with
affiliates and third parties in order for them to fulfill functions necessary
for the insurer to best serve and fulfill its contractual obligations to its
customers. If these exceptions, with respect to ordinary business practices,
were not provided for, insurers' ability to continue to perform essential
business functions for their millions of existing customers, as well as
prospective customers, would be jeopardized. Specifically, the exceptions take
into account disclosures for the following legitimate, core insurance business
functions: "Underwriting Purposes" As noted above, life, disability income, and
long term care insurers must use and often must disclose health information to
affiliates or third parties in order to medically underwrite and to classify
risks. The process of risk classification is fundamental to the current private,
voluntary life, disability income, and long term care insurance business.
Insurers commonly use affiliates or unaffiliated third parties (such as outside
physicians, laboratories, or third party administrators) to perform part or all
of this function and, consequently, must share personal health information about
their customers with them so that they may do their jobs for insurers. If a
consumer were to be permitted to withhold consent for these disclosures of
medical information, it would be very difficult, if not impossible, for the
insurer to underwrite or issue the policy for which the consumer came to the
insurer in the first place. "Reinsuring Purposes" As noted above, life,
disability income, and long term care insurers commonly enter into reinsurance
arrangements under which the reinsurer either audits the primary insurer's
underwriting practices, actually performs the underwriting, or pays claims. All
of these activities necessitate the sharing of personal medical information by
the primary insurer with the reinsurer. If an individual were to withhold
consent for the sharing of personal health information under these
circumstances, it could jeopardize the consummation of a reinsurance transaction
likely to benefit possibly hundreds or thousands of other policyholders or it
could make it impossible for the insurer to underwrite that particular
individual's application for coverage or pay his claim for benefits. "Account
Administration", "Processing Premium Payments", "Processing Insurance Claims":
Again, insurers often use affiliates or retain unaffiliated third parties to
administer or service insurance policies which activities include account
administration, the processing of premium payments and the payment of claims.
These are basic business functions which, in the case of claims benefits,
certainly go to the core of the insurer's relationship with the customer. If an
individual were to withhold consent for the insurer to share medical information
to an entity performing this type of function for the insurer, it would either
not be able to fulfill its contractual and service obligations to the individual
or would have to set up a special system just for that individual. "Reporting,
Investigating or Preventing Fraud or Material Misrepresentation" Unfortunately,
there are times when individuals have incentive not to disclose all of their
health information to an insurer to which they are applying for life, disability
income, or long term care insurance coverage. In these instances, it is possible
that the insurer will issue coverage that it would not have issued or will issue
coverage at a significantly lower price than it would have had it had complete
information about the proposed insured's health. Also, fraudulent claims are
sometimes submitted to insurers. The costs of fraud and material
misrepresentations ultimately are borne by other policyholders. Individuals
cannot be permitted to withhold consent for disclosures of medical information
relating to the reporting of fraud or material misrepresentation without
jeopardizing the public policy goal of detecting and deterring fraud. "Providing
Information to the Customer's Physician or Other Health Care Provider" Insurers
must be permitted to release information to an individual's physician in the
event medical testing performed in connection with underwriting indicates that
there may be a medical condition previously undiagnosed. "Participating in
Research Projects" Insurers do research for many purposes, most significantly,
in connection with mortality studies. This information is essential to insurers
in medical underwriting. Disclosures necessary for these studies cannot be
limited without jeopardizing insurers' ability to appropriately classify risk.
"Enabling the Purchase, Transfer, Merger or Sale of Any Insurance Related
Business" When an insurer enters into an insurance contract with a new
policyholder, it is unlikely to know if it will engage in a merger or
acquisition or will be sold during the next 10, 20, or 30 years. It would be
impractical, if not impossible, for the insurer to be required to obtain
thousands of authorization forms from all of its policyholders before such a
transaction. Moreover, were individuals to be permitted to withhold consent for
such a transaction, a single individual could prevent the whole transaction from
being consummated, depriving other policyholders of opportunities and benefits
which might otherwise have been available. "As Otherwise Required or
Specifically Permitted by Federal or State Law" As noted above, some states
require or specifically permit the disclosure of medical information by
insurance companies under certain circumstances. For example, a company may be
required to disclose health information to a state insurance commissioner which
is investigating an alleged unfair trade practice or to a self regulatory
organization which is monitoring market practices. These disclosures are
mandated or permitted because they designed to protect consumers in the
marketplace. Any limitation on these disclosures would seem to work counter to
this public policy goal. H.R. 10 FINANCIAL PRIVACY PROVISIONS The ultimate
effect of the H.R.10 financial privacy provisions will be determined by the
regulations promulgated to carry out the purposes of this new law. However, the
provisions themselves are reflective of a conscious effort to balance consumers'
legitimate financial privacy concerns with consumer demands for convenience and
prompt service. These also would permit insurers to pass on to their customers
the economies and opportunities made possible by affiliation under H.R. 10 and
to perform legitimate insurance business functions. These provisions
appropriately permit the sharing of nonpublic personal information with
affiliates and with certain unaffiliated third parties, where the third party is
acting on behalf of the financial institution or pursuant to a joint agreement
between two or more financial institutions. This sharing of nonpublic personal
information is essential to insurers' ability to make available to their
customers the efficiencies and product innovations which are the underlying
purposes for enacting H.R. 10 in the first place. Because the privacy provisions
in H.R. 10 were not the subject of hearings and are not based on a comprehensive
record, there was a conscious effort not to impose broad restrictions on
information sharing that might have unintended consequences or otherwise
undermine the fundamental purposes of the bill. We believe that the exceptions
to the general opt-out requirement for information sharing with third parties
are wholly appropriate for reasons discussed below. EXPLANATION OF THE
EXCEPTIONS TO THE NOTICE AND "OPT-OUT" REQUIREMENTS The financial privacy
provisions also appropriately exempt from the "notice and opt-out" requirement
disclosures which are made in connection with the following legitimate business
functions: "As necessary to effect, administer, or enforce a transaction" or "in
connection with servicing or processing a financial product or service" This
exception is one of the most important to life, disability income, and long term
care insurers. As noted above, many insurers use affiliates or third parties to
perform all or part of the core functions associated with a life, disability
income, or long term care insurance contract, such as underwriting, claims
evaluation, or policy administration. In addition, it is common for insurers to
use unaffiliated third parties to perform other important business functions,
not directly related to a particular insurance contract, but necessary to the
general business of insurance, such as for maintenance of computer systems, for
auditing or for other similar functions. Unless insurers are permitted to
disclose nonpublic personal information to affiliates or third parties,
performing functions that are necessary to "effect, administer, or enforce" the
transaction or "the product or service business of which the transaction is a
part", these insurers will be significantly hampered, if not totally prevented,
from fulfilling their contractual and service obligations to prospective and
existing customers. This exemption appropriately refers to disclosures that are
necessary to "...administer, or enforce a transaction" or made "in connection
with servicing or processing a financial product or service" as well as to
disclosures necessary "to effect...a transaction". Administration and service
are inherent parts of an insurer's relationship with its customer. In the
absence of such an exception, individuals would be permitted to "opt-out" of the
insurer's right to disclose nonpublic personal information to an affiliate or
unaffiliated third party which must have access to that information in order to
perform essential administrative or service functions, such as to process the
individual's application for coverage (for a disability income policy, for
example), or his request for a collateral assignment of a life insurance policy
for a loan. By virtue of the definition of "necessary to effect, administer, or
enforce", this exemption also appropriately applies not only to disclosures made
in connection with a "transaction", but also to disclosures made in connection
with the "product or service business of which the transaction is a part". This
is important because life, disability income, and long term care insurance
policies involve many "transactions", after the origination of the contract,
such as policy loans or claims payments, which may be part of the contract
itself or part of the administration or servicing of the contract. The
definition of "necessary to effect, administer, or enforce" also appropriately
brings within the scope of the exemption disclosures which are "usual,
appropriate, or acceptable" for underwriting, reinsurance purposes, account
administration, reporting, investigating or preventing fraud or material
misrepresentation, processing premium payments, processing insurance claims,
administering insurance benefits, participating in research projects, or as
otherwise required or specifically permitted by Federal or State law. The
importance of and need for these disclosures to affiliates and third parties has
been discussed above as have the reasons why their limitation would work against
the best interests of consumers. "With the consent or at the direction of the
consumer" If an individual has given his consent to the sharing of his nonpublic
personal information, there would seem to be no reason to prevent it or to keep
him from enjoying the opportunities and benefits likely to result. To "protect
against or prevent actual or potential fraud" As has been discussed above,
insurers need and, in some cases, have a legal requirement to make certain
disclosures in order to protect against or to prevent actual or potential fraud.
These disclosures ultimately benefit consumers by lowering the societal cost of
insurance fraud. To "persons holding a beneficial interest relating to the
consumer" Sometimes a policyholder of a life insurance policy wishes to assign
the policy (or the cash value of the policy) as collateral for a loan. If such a
policyholder were to be permitted to "opt- out" of the insurer's right to inform
the potential lender of the value of the policy, this would make it difficult,
if not impossible, for the policyholder to get the loan. "To the institution's
attorneys, accountants, and auditors" Like any other financial institution,
life, disability income, and long term care insurers must also be able to
disclose information, which might include nonpublic personal information, to
outside advisors, including auditors, attorneys, and consultants who perform key
business functions relating to individual policies or to the product or service
business of which a policy is a part. Again, if an individual were to be
permitted to opt-out of such disclosures, it might jeopardize the insurer's
ability to do business with that particular individual or possibly jeopardize
its ability to do business generally. To "a State insurance authority" or
"self-regulatory organizations"; to "comply with federal, state or local laws",
or " in connection with a proposed or actual sale, merger, transfer, or exchange
of all of a portion of a business" Again, the importance of and need for
disclosures in these instances has been addressed above as have the reasons that
it would be ill-advised for an individual to have the right to "opt- out" of
these disclosures. The ACLI appreciates having been given the opportunity to
present these comments on these important issues relating to medical and
financial privacy and would be delighted to answer any questions. Thank you.
LOAD-DATE: July 26, 1999 
