Privacy Working Group Adopts
Regulation
DALLAS – Members of the National Association of
Insurance Commissioners (NAIC) Privacy Working Group adopted
standards for the regulation of Consumer Financial and Health
Information during deliberations at the organization’s Fall National
Meeting here today.
"We believe a national standard for the privacy of
personal health and financial information is critical for both
consumers and financial institutions," said Kathleen Sebelius,
Kansas Commissioner of Insurance, NAIC Vice President and Chair of
the Privacy Issues Working Group. "Congressional action to protect
privacy across the country will assure consumers that their personal
information will be protected regardless of where they live and
regardless of which financial entity collects the information."
The privacy regulation is tailored to provisions of
the Gramm-Leach-Bliley Act regarding non-personal financial
information. A section has been added protecting health information
and provides for companies wishing to share, sell, market or give
away health information, except for specific business exceptions, to
get authorization from consumers.
The Department of Health and Human Services is
currently drafting federal privacy regulations. These regulations
may not go into effect until fall 2002.
"Consumers are worried about what will happen to
their personal financial and health information from now until the
Health and Human Services Regulation goes into effect," stated
Sebelius. "Our regulation provides a bridge for consumer protection
until the HHS regulation is implemented."
The charge of the Privacy Working Group was to
explore the uniform approach that the states should take with
respect to consumer privacy provisions under the Gramm-Leach-Bliley
Act. The goal was to write consumer-friendly model privacy
regulations for insurance companies that are as consistent as
possible with other financial rules, such as federal rules that
pertain to banks.
Members of the NAIC have been discussing and
addressing the privacy of personal information, including health
information, for more than 20 years. In 1980, the association
adopted the Insurance Information and Privacy Protection Model Act,
which generally requires insurers to receive authorization from
individuals ("opt-in") to disclose personal information. In
September 1998, the association adopted the Health Information
Privacy Model Act because of the special issues surrounding health
information. This model treats personal health information as a
different type of information that receives a higher level of
privacy protection. The model uses an "opt-in" standard and
establishes exceptions that allow insurers to carry on business
functions without obtaining consumer consent.
The privacy regulation will be voted on by NAIC
members during an Executive and Plenary conference call scheduled
for September 26, 2000.
A copy of the regulation may be obtained by
accessing the NAIC’s Web site.
The NAIC is located on the World Wide Web at
www.naic.org. It is the nation's oldest association of state
government officials, consisting of insurance regulators from the 50
states, the District of Columbia and four U.S. territories.
(Note: Members of the media may register
on-site at the Wyndham Anatole Hotel free of charge. The NAIC
will offer a media workroom in the Opal Room, Lobby Level,
from 8 a.m. to 5 p.m. Sunday-Tuesday and on Wednesday from 8
a.m. to 1 p.m. All registrants receive a complete schedule of
meetings upon
arrival.) | |