Health Insurance Quotes
States on track to adopt consumer privacy regulations
In a flurry of consumer privacy activity, states rushed to comply with 1999's federal financial services modernization act, also known as the Gramm-Leach-Bliley Act (GLBA), which allows banks and insurance companies to engage in each other's business. The GLBA mandates that states pass privacy legislation for insurance consumers offering equal privacy protection to the federal privacy regulations imposed on banks.
According to the National Association of Insurance Commissioners (NAIC), as of May 1, 2002, the District of Columbia and 49 states had laws and/or regulations that meet the GLBA's privacy standards. However, the extent of those protections varies from state to state, with some states giving consumers more control over how insurers can use their financial and health information.
Highlights of the NAIC's privacy regulation
The NAIC's privacy model act does not prohibit insurers from sharing customers' financial information, with the exception of account numbers and medical information. The NAIC reports that:
- 36 states plus the District of Columbia had enacted regulations/laws based on the NAIC model privacy regulation;
- 22 states include the financial and health provisions of the model (two of those states have "opt-in" instead of "opt-out" requirements);
- 14 states plus the District of Columbia have financial but not health provisions of the model;
- 13 states had retained the NAIC's 1982 model privacy act on their books; and
- one state had privacy regulations pending, but had not taken final action.
The NAIC's privacy model act does not prohibit insurers from sharing customers' financial information, with the exception of account numbers and medical information. Rather, the NAIC's model act requires insurers to notify consumers of their right to "opt out" of information sharing.
The "opt out" requirement means that consumers must tell the insurer in writing not to share any personal financial data with affiliate companies such as marketers and other financial services providers. The NAIC's model privacy act prohibits all sharing of health information without explicit written consent from the consumer.