LEXIS-NEXIS® Congressional Universe-Document

Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint

Document 11 of 124.

View Related Topics

June 14, 2000, Wednesday

SECTION: PREPARED TESTIMONY

LENGTH: 3338 words

HEADLINE: PREPARED TESTIMONY OF ROBERT H. RHEEL SENIOR VICE PRESIDENT THE FIREMAN'S FUND INSURANCE COMPANY THE AMERICAN INSURANCE ASSOCIATION

BEFORE THE HOUSE COMMITTEE ON BANKING AND FINANCIAL SERVICES

SUBJECT - H.R. 4585 THE MEDICAL FINANCIAL PRIVACY PROTECTION ACT

BODY:
Mr. Chairman and Members of the Committee:

My name is Robert H. Rheel, senior vice president at the Fireman's Fund Insurance Company. I am pleased to appear before you today on behalf of the American Insurance Association to discuss H.R. 4585, the Medical Financial Privacy Protection Act, and we appreciate the opportunity to present our views.

The AIA is the principal trade association for property and casualty insurance companies, representing more than 370 major insurance companies which provide all lines of property and casualty insurance and write more than $60 billion in annual premiums. Fireman's Fund, established in 1863 in San Francisco, California, is among the nation's top writers of property casualty insurance and employs over 8,000 people.

INTRODUCTION

The issue of maintaining the privacy of medical information is a vitally important issue for consumers and for our member companies. As we have stated on several occasions before this Committee and elsewhere, information is the lifeblood of the insurance industry. Without access to customer information, we could not offer and provide insurance products to consumers. We could not process claims, and we could not protect against fraudulent activities. At the same time, we recognize how concerned policyholders are that we preserve the confidentiality of the sensitive medical and financial information we maintain. Insurance companies have long had experience with maintaining and protecting financial and medical information we collect and possess about our policyholders. Many states have already enacted laws that provide protection for medical and financial information maintained by insurance companies. These laws provide a well-balanced approach to consumer privacy, and provides significant protection at the state level for consumers' medical and financial information while not unduly interfering with the necessary disclosure of information needed to underwrite insurance and process transactions and claims.

The recently enacted, and soon to be effective, privacy provisions of the Gramm-Leach-Bliley Act and rules recently adopted by the federal financial institution regulatory agencies already provide coverage for medical information maintained by financial institutions. We understand that the state insurance commissioners are considering rules to implement Title V. In view of the importance access to medical information plays in the insurance industry, we have urged the commissioners at this time to defer action on the issue of medical information.

In view of all of these evolving events, we do not believe it is appropriate nor necessary for Congress to adopt legislation at this time. Insurers and other financial institutions are in the process of implementing the Gramm-Leach-Bliley Act and the rules adopted by the agencies and the state insurance regulators. At this time, we do not believe the benefits which the bill purports to provide outweigh the considerable burdens it would clearly impose. We are unaware of any instance of abuses in the property/casualty insurance industry . Further, there are some serious drafting oversights which we believe need be addressed. Finally, adoption of the legislation at this time would prove particularly disruptive, and we believe it to be inappropriate at this time.

THE EXPERIENCE OF THE INSURANCE INDUSTRY WITH PROTECTING MEDICAL INFORMATION IS EXCELLENT

The insurance industry has long recognized that information concerning customers must be protected and not disclosed to third parties except as necessary to facilitate transactions with customers. Insurance companies employ strict procedures to ensure that customer information is used only to carry out our responsibilities under the policies we have entered into with our customers.

Insurance companies have a legitimate need for information about policyholders and claimants. In the context of processing claims, a company finds it necessary to obtain information regarding a claimant in order to decide whether or not to pay a claim. It may be necessary to request claimants to provide medical information as part of the claims processing process. Such information is carefully guarded by insurance companies, and is released to third parties only as necessary to facilitate the processing of the claim.

As the Committee is aware, last November Congress enacted comprehensive legislation that ensures the confidentiality of consumers' personal information maintained by financial institutions, including insurance companies. The legislation requires all financial institutions to provide their privacy policies to customers at the time the customer relationship is established and each year. Financial institutions are not permitted to share personal information about a consumer with a nonaffiliated third party unless the consumer has been notified about the possibility of such disclosures and has not informed the financial institution to keep the information confidential. The rules adopted by the federal agencies provide that medical information maintained by financial institutions is covered by the privacy protections of Title V of the Gramm-Leach-Bliley Act. The rules also provide that the Act goes into effect beginning this November, and that financial institutions are required to comply with all aspects of the rules and legislation by July 1st of next year.

The nation's federally regulated financial institutions are just beginning to implement the rules the agencies adopted last month. In view of the uniqueness of insurance companies, Title V provided that the state insurance commissioners should enforce the privacy provisions applicable to insurance companies. The commissioners, under the auspices of the National Association of Insurance Commissioners, are now in the process of evaluating these rules and proposing privacy rules that would apply to insurance companies. It will undoubtedly be another few months before these rules are adopted. In this regard, the commissioners recently adopted a resolution indicating that they intend to promulgate rules that provide a uniform compliance date of July 1, 2000, which is the same date adopted by the federal regulators.

In addition, the federal agencies and state insurance commissioners are required to develop standards for financial institutions relating to administrative, technical and physical safeguards to insure the security and confidentiality of customer records and information. We believe the insurance industry already has in place effective procedures for protecting the confidentiality and security of our policyholders' personal information, and we are confident that we will meet the standards the agencies adopt.

It is important to recognize that the implementation of Title V is enormously complex. It involves more than just mailing privacy statements to customers.

Financial institutions must determine the categories of information they collect and disclose and the categories of third parties to whom they disclose information. Information systems must be modified to maintain the names and other identifying information of customers who do not want their information shared with unaffiliated third parties. These systems must be integrated with existing systems to ensure that the customer's instructions are followed. Financial institutions have advised that it will take at least six months to develop, implement and test the system changes that they have begun to develop. To impose the additional requirements that are called for in H.R. 4585 would result in considerable, unwarranted burdens on financial institutions that are dedicating significant resources to implementing Title V.

THE REQUIREMENTS OF H.R. 4585 ARE NOT NEEDED AT THIS TIME

Opt In Requirements are Inappropriate

The proposed legislation requires financial institutions to obtain the consent of consumers before disclosing any individually identifiable health information. As a practical matter, insurance companies obtain the consent of prospective policyholders to obtain and release health information in connection with processing insurance applications. Nevertheless, we do not believe that the requirement for obtaining the consumer's consent fits well with the requirement of Title V that the consumer be given an opportunity to opt out from proposed disclosures to third parties.

The opt in requirement will be unnecessarily confusing for financial institutions and consumers. The AIA believes that the current opt out provisions of Title V, taken in conjunction with those of the Fair Credit Reporting Act, provide considerable protections for consumers to assure that the confidentiality of their health information will be maintained. Consumers who are concerned with the disclosure of such information will be given numerous opportunities to instruct the financial institutions they do business with not to disclose nonpublic personal information, including health information, with third parties. The agencies' rules provide that notices must be clear and conspicuous, and must give the consumer a reasonable means of opting out. Recognizing, however, that there is a higher level of concern with the sharing of medical information, we are willing to consider a narrowly drafted requirement relating to the sharing of medical information for marketing purposes. We are in the process of discussing such an approach with the National Association of Insurance Commissioners. Such a provision cannot impinge upon an insurer's ability to conduct its core insurance functions. In addition, new requirements should not be imposed until insurers and other financial institutions have had the opportunity to make the systems changes needed to comply with the original provisions of Title V.

Affiliates Should Not be Subject to the Requirements

The Gramm-Leach-Bliley Act provides that financial institutions must disclose to consumers their policies regarding the sharing of information with affiliated and unaffiliated third parties. However, the opt out requirements of Title V apply only to the sharing of information with unaffiliated third parties. The Gramm-Leach-Bliley Act does not cover sharing information with affiliates for several reasons. First, in many instances an affiliate is nothing more than a department of the company. Financial institutions may establish separate subsidiaries for reasons related to licensing, tax and organizational objectives. For example, in view of the state-oriented regulatory structure applicable to the insurance industry, it is commonplace for companies to establish subsidiaries in different states. Information relating to policyholders, however, is often made available among affiliates in order to better serve customers. As a result, the sharing of information among affiliates is tantamount to the company using the information itself for its own business-related purposes. No purpose is served by imposing additional hurdles to the sharing of such information. Indeed, additional burdens on information sharing would undoubtedly reduce the ability of insurance companies to serve its policyholders.

In addition, Title V recognizes that institutions that share information with affiliates already are subject to the Fair Credit Reporting Act. The FCRA provides that an institution may not disclose personal information of its customers (other than transaction and experience information) to an affiliate unless the consumer has been given an opportunity to opt out. As a result, under current law financial institutions may not routinely share health information with affiliates unless they have given consumers an opportunity to opt out from such disclosure.

In view of the carefully crafted language of the Gramm-Leach-Bliley Act, as well as the coverage for affiliate sharing contained in the FCRA, we believe that any further restrictions on the ability of financial institutions to share information with affiliates should await a comprehensive review of the FCRA. In any event, they should not prevent insurance subsidiaries within a holding company structure from sharing medical information that is needed to serve customers.

Restrictions on Information About Personal Spending Habits Are Unnecessary

H.R. 4585 limits the ability of financial institutions to use information relating to payments the consumer has made without the consent of the consumer if such information is derived from individually identifiable health information. While the insurance industry does not ordinarily make use of such information in this manner, we believe that the proposal would have unintended effects.

It is operationally difficult for financial institutions to distinguish between payments that relate to health claims and other payments. Accordingly, the profiling provision of the legislation would apply to all payment information which financial institutions maintain. In view of the broad coverage of this section, this restriction could prove very disruptive to the ongoing operations of financial institutions. Because financial institutions may be unable to separate financial and medical, insurers may not be able to obtain necessary information about a payment which a policyholder may have made without running afoul of this section.

We do not believe that the limited benefits which the provision provides outweighs the considerable operational burdens.

There Is No Reason Why The Exceptions of H.R. 4585 Should Be More Limited Than Those In Title V

In order to avoid serious disruptions to normal operations, Congress wisely adopted several exceptions that permit financial institutions to routinely share customer information with third parties. These include sharing information as necessary to effect, administer or enforce transactions requested or authorized by consumers. Similarly, H.R. 4585 provides a number of exceptions as well to the requirement that the consumer's consent be obtained before health information may be shared.

However, the bill leaves out several exceptions that are important for the insurance industry. For example, Title V permits insurance companies to provide information to insurance rate advisory organizations, state guaranty funds or agencies, rating agencies and persons assessing the financial institution's compliance with industry standards. These exceptions are critical to the insurance industry. We believe the reasons for the exceptions provided in Title V apply with equal force to the sharing of information under H.R. 4585. Accordingly, we urge the Committee to restore the exceptions as provided in Title V.

State guaranty funds and agencies play an important role in connection with the insolvency of insurance companies. These organizations play a role similar to that of the Federal Deposit Insurance Corporation with regard to depository institutions. In the event an insurance company fails, guaranty funds and agencies provide the necessary continuity by stepping in to satisfy claims (including those that relate to payments to cover medical care) of the failed company. In order for them to perform their function effectively, it is imperative that they have access to all information in the insolvent insurance company's files.

Insurance rate advisory organizations, rating agencies and persons assessing the financial institution's compliance with industry standards must have access to a full range of information from insurance companies in order to assesses risk and perform their important evaluative roles. We think it is important for these exemptions to apply to the sharing of health information as well.

Title V also permits a financial institution to disclose information to a third party who is assisting the institution in marketing its products and services if the institution fully discloses this to the customer and the third party contractually agrees to maintain the confidentiality of the information.

Because it is quite common for insurance companies to rely upon third parties such as independent agents to market insurance products, it is very important that this exception also apply to the sharing of health information. Without this exception, insurance companies would be unable to continue to use their current marketing channels.

Another exception provided for in Title V which was not carried through to H.R. 4585 is the provision which permits financial institutions to provide information to consumer reporting agencies in accordance with the Fair Credit reporting Act or from a consumer report by a consumer reporting agency. We believe that this is an important exception, particularly in view of the broad scope of the definition of the term "individually identifiable health information." As the Committee is aware, the FCRA imposes severe limitations on the ability of consumer reporting agencies to provide information to requestors. It is important for the smooth functioning of the insurance industry that companies be able to provide information to consumer reporting agencies and that we be able to make use of information provided by such agencies.

RESTRAINTS ON INFORMATION REQUESTS

We are puzzled by the requirement contained in H.R. 4584 that in connection with considering a loan request, financial institutions may not use information from an affiliate unless they normally receive the same information from unaffiliated parties. If a financial institution believes it is desirable to obtain information from an affiliate, we see no public policy reason why the consumer should not be able provide his or her consent to permit the affiliate to share the information with the financial institution. It is cumbersome and inefficient to require the financial institution to seek information from other sources, and we cannot understand what purpose is served by such a requirement.

ACCESS AND CORRECTION RIGHTS

H.R. 4585 requires financial institutions to make available to consumers individually identifiable health information which the institution possesses, and provide the consumer with an opportunity to request that inaccurate information be corrected. The AIA believes that such access should be limited only in instances where the consumer's application is denied based upon the health information contained in the institution's records. We see little purpose to be served in providing access to such information when the consumer has not been denied a product or service by the financial institution. The burden and expense that financial institutions would incur in order to provide access to such information to consumers who were not denied products and services far outweighs the benefits.

We also believe it important that customers not be given access to certain confidential information, such as information insurance companies maintain in connection with investigating fraud, misrepresentation, unlawful activity, and information developed in connection with litigation. Permitting customers to obtain access to such information would have an adverse effect upon the ability of financial institutions to investigate illegal activity and defend themselves against improper activities.

CONCLUSION

In summary, we want to underscore that insurers understand and appreciate that consumer privacy, especially as it relates to financial and medical information, is a top public policy concern. We believe the experience of the property / casualty insurance industry demonstrates that confidential health information is presently being protected by companies and we know that we must remain ever vigilant to protect this information in order to maintain our policyholders' confidence. However, in our effort to secure this information, legitimate disclosures of information needed to continue to provide our customers with the insurance protection they require should not be restricted. We look forward to working with the Chairman and Members of the Committee on this very important issue.

END

LOAD-DATE: June 15, 2000

Document 11 of 124.


Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase: