Insurance and Your Privacy—Who Knows?<br/>Your insurer knows things
about you that your best friend probably doesn't. If you have homeowner's, health, and auto coverage, your insurance provider knows how much money you make, whether you pay your bills on time, how much your assets are worth, what medications you're taking, and which embarrassing diseases you've contracted. Your personal identification numbers, such as your Social Security number and driver's license number, are in those files as well. If you pay your premiums online, your insurance company has a record of your bank account number, too.
Insurance companies can't function without this personal information. Underwriters must know your history to determine your level of coverage, risk pooling group, and rate classification. Adjusters, particularly in the workers' compensation and auto lines, need your identification numbers to gather information from outside providers so they can settle your claims promptly. And to stay competitive, insurers must be able to develop new products and market them to the people who might be interested—special "embarrassing diseases" coverage, perhaps?
But is this information safe? Many consumers who trust their insurance agents with personal information worry about it getting in the hands of the government, an identity thief, or—worst of all—a telemarketer. Insurance companies worry about how to balance protecting their customers' privacy with maintaining enough openness to perform their day-to-day business operations for those same customers.
Two pieces of federal legislation address the issue. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 authorized the Department of Health and Human Services to set minimum standards for protection of health information and gave states the right to impose tougher standards. The Financial Services Modernization Act of 1999, better known as the Gramm-Leach-Bliley Act (GLBA), gave consumers more control over the distribution of their personal financial information.
Insurance is a state-regulated business, so insurance-specific regulations fall within the authority of state insurance commissioners. Thus far, thirty-six states plus the District of Columbia are following a model developed by the National Association of Insurance Commissioners (see the model law and updates on state activity at http://www.naic.org/1privacy). An important component of the NAIC's model is the opt-in provision for health information, which regulators consider to be more sensitive than financial information. As opposed to GLBA's opt-out provision, which gives insurers the right to share your financial information with outsiders unless you specifically tell them not to, NAIC's opt-in provision means insurers can't share your health history unless you specifically permit them to do so.
But the system is far from airtight. Under GLBA provisions, insurers do not need your permission to share your data with its affiliates—and in these days of mega conglomerations, an insurance company can have lots of affiliates. Insurers are even permitted to disclose, without your permission, protected (nonidentifying) financial information to third parties with whom they have a marketing agreement.
For their part, insurers fear that further restrictions on sharing information would affect their ability to provide timely quotes and claims settlements. Another major concern is a broker's ability to shop a policy around to find the best rate and coverage for his or her client. And while consumers might complain about the paperwork involved in opting-out, insurance companies have had to develop and implement privacy policies, train all staff who handle personal information, and set up new departments to handle the opt-out wishes of tens of millions of customers. It's estimated that GBLA compliance could cost the insurance industry as much as $2 billion.
Any federal or state privacy legislation must protect consumers' right to control what happens to their personal data, but it also must preserve insurers' ability to operate their businesses. Where should the line be drawn?
Questions for Discussion
-How concerned are you about privacy? Are you more protective about your health or your financial information?
-When companies have to spend money to comply with the law, it's generally the consumer who ends up paying. Would you accept slightly higher premiums to cover the costs of keeping your personal information private?
-Why would increased privacy provisions make it difficult for brokers to give their customers the best service?