Skip banner
HomeHow Do I?Site MapHelp
Return To Search FormFOCUS
Search Terms: health information privacy, House or Senate or Joint

Document ListExpanded ListKWICFULL format currently displayed

Previous Document Document 21 of 45. Next Document

More Like This
Copyright 1999 Federal Document Clearing House, Inc.  
Federal Document Clearing House Congressional Testimony

July 21, 1999

SECTION: CAPITOL HILL HEARING TESTIMONY

LENGTH: 2872 words

HEADLINE: TESTIMONY July 21, 1999 GEORGE M. REIDER, JR. HOUSE BANKING AND FINANCIAL SERVICES FINANCIAL INSTITUTIONS AND CONSUMER CREDIT UNIONS FINANCIAL PRIVACY

BODY:
Testimony of the National Association of Insurance Commissioners before the Committee on Banking and Financial Services Subcommittee on Financial Institutions and Consumer Credit United States House of Representatives regarding Financial Privacy July 21, 1999 George M. Reider, Jr. Insurance Commissioner Connecticut Introduction Good morning, Madam Chairwoman and members of the Subcommittee. My name is George Reider, and I serve as Insurance Commissioner in Connecticut. I also serve as President of the National Association of Insurance Commissioners (NAIC). I am testifying today on behalf of the NAIC, which is the national organization of the chief insurance regulators of the 50 States, the District of Columbia and four U.S. territories. I am pleased to be here to testify on financial privacy issues, a matter of increasing importance as the integration of financial services industries becomes a reality, and as technology makes the sharing of information ever easier. At a time when it seems that anyone can retrieve your financial information at the click of a button, it is important for consumers to know that protections are in place so their personal financial information is not unfairly used. At the same time, regulation should not unreasonably stifle the flow of information necessary to the operations of the insurance companies, banks and securities firms that provide our financial services. It is this balancing act that is difficult. The challenge for Congress and the States is to determine how much disclosure is acceptable so that companies can do business, regulators can enforce the laws, and consumers personal financial information is protected. Privacy Means Keeping Personal Information Confidential and Protecting the Integrity of the Regulatory System Keeping Personal Information Confidential Protecting privacy means keeping personal information confidential. It means taking into consideration consumers needs and wishes before sharing or disclosing their personal information. People legitimately expect that companies holding personal information will not use it to take unfair advantage of them. At the same time, consumers are realistic. They understand that disclosure of some of their information is necessary for typical business needs like billing and record keeping. And they know that sometimes disclosure of information can result in real advantages for them, in the form of cost savings and convenience, for example. Protecting the Integrity of the Regulatory System Protecting privacy also entails protecting the integrity of the regulatory system. People must have confidence that information is being used correctly to protect them. They have a right to know that the government will not use their personal information unfairly, that their personal information is secure, and that it will not get into the wrong hands Financial integration heightens the need for the protection of regulatory information. As insurers, securities firms and banks converge, State and Federal regulators will increasingly need to share information to do their jobs successfully. Protections need to be in place to ensure that such cooperation does not compromise the integrity of the regulatory system. There are Two Sides to Maintaining Privacy - Commercial and Governmental Like banks and securities firms, insurers collect and have access to personal financial information about their customers. Similarly, State insurance regulators possess a significant amount of personal financial information about the insurance consumers in their States. Both face the need to share information in order to do business the right way, but both must also protect consumers. Why is personal information shared? Companies believe that sharing information with affiliates or third parties will enable them to provide the services that their customers need in an efficient, cost effective manner. Regulators need to share information to more effectively supervise the industries they regulate in order to protect the public - collectively and individually - from fraud and abuse. Here is what the NAIC and the States are doing to Assure that Insurance Companies and Agents will Protect Personal Financial Information. The States have long recognized the need to protect consumers from the unfair use of personal information. In my home State of Connecticut, for example, we have enacted a comprehensive insurance information privacy law based upon the NAIC s Insurance Information and Privacy Protection Model Act. We also have laws designed to protect personal information in connection with bank insurance sales activities and health information records. We are constantly working with our fellow States through the NAIC to monitor insurance privacy issues and assess the need for further action. The Insurance Information and Privacy Protection Model Act In its Insurance Information and Privacy Protection Model Act, the NAIC has established standards for the collection, use, and disclosure of information gathered in connection with insurance transactions. The model law has been enacted in whole or part by 19 States. The act is broad in scope. It applies to life, health, disability, and property and casualty insurers, as well as to agents and third party insurance support organizations. It covers all types of insurance information, including personal financial information. The act seeks to maintain a balance between the need by insurance companies and agents for information and the need of consumers for fairness in insurance information practices. The principal provisions of the act: i.require insurers to disclose their privacy policies to customers; ii.give consumers the right to prohibit the disclosure of information, except under certain specified circumstances; iii.outlaw pretext interviews, which is the soliciting or obtaining of personal information by false pretenses, unless fraud is suspected; and iv.give consumers access to their personal information and the right to correct inaccuracies in such information. Connecticut s Insurance Sales Privacy Law In addition to its comprehensive privacy law, Connecticut has specifically addressed the sharing of financial and other insurance information by banks that sell insurance and annuities. Like the privacy law, the insurance sales law requires the prior written consent of the customer before the bank may share personal information. It further requires a consumer s prior written consent before a bank may provide personal information to a third party in connection with the third party s solicitation or sale of insurance to such consumer. Health Information Privacy in Connecticut In Connecticut, we have also recently strengthened our laws protecting medical-record information. Disclosure of medical- record information is prohibited for marketing purposes without the prior written consent of the individual. Health Information Privacy Model Act In September 1998, the NAIC adopted the Health Information Privacy Model Act, which addresses health issues more specifically than the more general Insurance Information and Privacy Protection Model Act. The health privacy model act gives health insurance consumers the right to access and amend their protected health information, and requires consumer consent prior to the disclosure of such information. Here is what the NAIC and the States are doing to Assure that Regulators Protect Confidential Information The States possess a great deal of personal information about their citizens. Many States have enacted generally applicable laws - such as privacy or freedom of information laws - that address this issue. The State of New York, for example, has enacted the Personal Privacy Protection Law. The New York law limits the ability of State agencies to disclose personal information. It also gives individuals the right to see personal information held by State agencies, and correct inaccuracies in such information. The States and the NAIC are addressing this issue on two other fronts: i.We are revising confidentiality provisions in NAIC model laws; and ii.We are addressing confidentiality issues in regulatory information exchanges with other regulators. The NAIC s Regulatory Confidentiality Initiative The NAIC is in the midst of a Regulatory Confidentiality Initiative that was instituted at the beginning of this year. The purpose of the Initiative is to amend all applicable NAIC model laws to strengthen the ability of State insurance regulators to keep sensitive regulatory information confidential. This will help preserve the privacy of individuals and entities, in addition to providing a strong platform for States to use in entering into confidentiality agreements with State, Federal and international regulators. The Confidentiality Initiative is scheduled to be completed by the end of this year, at which time the revised model laws will be ready for consideration and adoption by the States. Information Sharing Among Regulators State insurance regulators are also working closely with our fellow regulators, including some of the Federal agencies represented by the distinguished members of this panel. Our goal is to ensure that financial services consumers continue to receive the same level of protection in the new world of financial integration that they have relied upon for years. State insurance regulators and Federal banking regulators have held joint training and education sessions, and are developing formal written agreements for cooperating and exchanging information on regulatory matters. The NAIC recently approved a model consumer complaint information sharing agreement jointly developed with the Office of the Comptroller of the Currency (OCC). The purpose of this model agreement is to ensure that consumer complaints about bank sales of insurance are routed to the appropriate regulator. Ten States have already implemented agreements based on the model, and several other States are scheduled to sign such agreements in the coming weeks. The NAIC is also working with the Office of Thrift Supervision (OTS) and the Conference of State Bank Supervisors (CSBS) to develop regulatory cooperation agreements. These agreements cover information sharing and cooperation on a broader range of consumer complaint, examination and enforcement matters. We expect them to be completed soon. Like the consumer complaint agreement with the OCC, they will serve as models for individual States to use as a basis for establishing ongoing working relationships with OTS and State bank regulators. The OCC agreement and the agreements under development with the OTS and State bank regulators have strong confidentiality provisions making it clear that confidential information is to be protected to the fullest extent possible. This language not only protects consumers, but also protects companies, agents and other entities engaged in the business of insurance who may be the subject of shared regulatory information. Congress Should Consider Improvements to Facilitate the Protection of Confidential Regulatory Information Congress should consider adopting the following proposals, which would strengthen the ability of State insurance regulators to protect the privacy of personal and financial information in their possession. 1.Protect the confidentiality of regulatory communications among NAIC, State regulators, and Federal agencies. Federal law should clearly state that confidential information can be exchanged between State insurance regulators and Federal agencies. Such protections may also extend to communications with international regulators. 2.Provide State insurance regulators and NAIC with access to the national criminal history database (NCIC) for regulatory purposes and for checking criminal histories as required by the Federal Insurance Fraud Prevention Act. Protecting the integrity of private information in the insurance system means guarding against fraud and abuse. State licensing, fraud, and enforcement staff have long sought access to the criminal history databases maintained by the FBI (usually referred to as NCIC access). The Department of Justice supplies criminal history information to the American Bankers Association so banks can run checks on employees, and also supplies the information to the securities and commodities trading industries. However, the Justice Department has not been willing to extend such authority to State insurance regulators, despite years of discussions. Only a few States are currently able to access NCIC. In the remainder, enforcement personnel have no practical way to check the possible criminal background of an individual, even when they suspect a serious violation of law. Statistics from the few States which are able to run criminal history checks show that between 10 and 15 percent of agent applicants conceal criminal convictions on their applications. Under the Federal Insurance Fraud Prevention Act (18 USC 1033), a person with a felony conviction involving dishonesty or breach of trust is barred from the business of insurance unless they have a specific exemption from a State insurance regulator. Insurance companies also have a duty not to employ convicted felons, but there is no reasonable means for them to check the criminal records of job applicants and employees. Giving authority to the NAIC to obtain criminal records checks would provide a single mechanism for regulators and insurance companies to comply with their legal obligations, and would not overburden the FBI with multiple points of contact. The industry generally, as well as the Insurance Regulatory Information Network (IRIN) Board, support this goal. 3.Grant Federal immunity from liability for NAIC and IRIN database activities. Protecting the integrity of the regulatory system means States, and entities acting on their behalf, must be able to maintain the privacy of confidential information without the threat of frivolous lawsuits. Major financial and enforcement regulatory databases for insurance are all maintained by the NAIC. Key licensing data is supplied by the States to the producer database, which is part of IRIN. Although NAIC and IRIN act on behalf of State governmental entities, they have no direct tort immunity from suit. This exposes IRIN and NAIC to potential legal actions. A number of States grant immunity to the NAIC, but this does not cover all potential suits; a plaintiff could simply file in a different State. Federal immunity would permit NAIC and IRIN funds to be spent for their intended purposes, not on lawsuits. Immunity would extend to the NAIC as an entity, as well as its members, officers, and employees. 4. Grant exemptions from the Fair Credit Reporting Act for IRIN, the NAIC, and State insurance departments regarding regulatory licensing activities and related databases. State regulators ability to protect privacy can be hampered by expansive interpretations of Federal regulations. Recent amendments to the Fair Credit Act extended its provisions to databases not typically a part of the credit rating process. These amendments apply to databases used for both credit rating and employment purposes. Expansive interpretations by the Fair Trade Commission have extended the Act even to situations involving administrative licensing. The Act, if it were determined to apply to IRIN, would impose extensive notice and appeal requirements, just as if IRIN were a credit bureau. The solution to these problems is simple - State insurance regulatory activities should be specifically exempted from the Act. 5.Authorize the use of social security numbers for licensing purposes, for the NAIC producer database, and for use by the Insurance Regulatory Information Network (IRIN). Accurate identification of individuals is a key part of maintaining privacy. The use of social security numbers (SSN s) is restricted under the Federal Privacy Act of 1974. Most States have found ways to supply social security numbers for the producer data base, but a few States still have significant problems. Use of SSN s is the minimum element needed for properly identifying agents. A specific clarification in federal law would resolve any problems relating to use of SSN s for insurance regulatory purposes. 6.Facilitate the use of regulatory databases, including digital signatures, acceptance of credit cards, and electronic funds transfers. Advances in technology provide opportunities to improve privacy protections. Implementation of efficient electronic processing faces many hurdles, including various State requirements on how payments can be made, and what form of signatures will be accepted. Many of these requirements are in State laws or regulations outside the control of the insurance departments. In some States, for example, no payments via credit cards can be made. Some require payment with each transaction, even if there are multiple transactions per day with one entity. Other States will bill periodically. Technology exists to use both electronic funds transfers and digital signatures, which would make many transactions more feasible and cost-effective.

LOAD-DATE: July 24, 1999




Previous Document Document 21 of 45. Next Document


FOCUS

Search Terms: health information privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
   
About LEXIS-NEXIS® Congressional Universe Terms and Conditions Top of Page
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.