NAIC to Provide Testimony on Privacy of Health
Information
WASHINGTON, D.C. –
Sensitive health information requires a higher level of protection
than other types of personal financial information, stated Kathleen
Sebelius, Kansas Commissioner of Insurance, NAIC Vice President and
Chair of the Privacy Issues Working Group and Glenn Pomeroy, North
Dakota Commissioner of Insurance, NAIC Immediate Past President and
Vice-Chair of the Privacy Issues Working Group. Sebelius and Pomeroy
testified today before the U.S. House of Representatives on H.R.
4585, the Medical Financial Privacy Protection Act, which addresses
concerns regarding the sharing of medical information.
“H.R. 4585 is a good
step in the right direction to provide comprehensive privacy
standards across the board regarding financial institutions and
individually identifiable health information,” said Kathleen
Sebelius.
Congress adopted
privacy protections for financial information as part of the
Gramm-Leach-Bliley Act (GLBA) passed last year. The potential for mergers
between insurance companies and other financial firms has raised
concerns about the sharing of medical information among financial
affiliates and with unaffiliated third parties. Although health privacy was
not included in GLBA, the federal regulations have changed the
landscape because “financial information” is defined to include
health information. The
limited privacy protections included in GLBA fail in the health area
because the law does not provide more stringent protection for
health information.
Members of the NAIC
have been discussing and addressing the privacy of personal
information, including health information, for more than 20
years. In 1980, the
association adopted the Insurance Information and Privacy Protection
Model Act, which generally requires insurers to receive
authorization from individuals (“opt-in”) to disclose personal
information. In
September 1998, the association adopted the Health Information
Privacy Model Act because of the special issues surrounding health
information. This new
model treats personal health information as a different type of
information that receives a higher level of privacy protection. The model uses an “opt-in”
standard and establishes exceptions that allow insurers to carry on
business functions without obtaining consumer consent.
“We will continue to
develop a uniform model regulation, and we believe a national
standard for the privacy of personal information is critical for
both consumers and financial institutions,” said Sebelius. “Congressional action to
protect health privacy across the country could expedite this
process and assure consumers that their personal health information
will be protected regardless of where they live and regardless of
which financial entity collects the information.”
States are working
through the NAIC to promulgate a model privacy regulation
implementing GLBA for the business of insurance and have an
accelerated timetable for finalizing this regulation to meet the
GLBA privacy mandate for insurance activities. A final work product is
slated for September 2000, so states may implement it by regulation
or introduce it as legislation in the next legislative session.
The NAIC is located on
the World Wide Web at http://www.naic.org/portal_pages/splash.htm. It is the nation's oldest
association of state government officials, consisting of insurance
regulators from the 50 states, the District of Columbia and four
U.S. territories.
|