ARIZONA STATE SENATE
Phoenix, Arizona
insurance information;
privacy protection
Requires the protection of private and
personal information of insured by insurance producers and insurers.
Background
In 1999, the U.S. Congress passed the Financial Modernization Act, also known as the Graham Leach Bliley Act (GLB). GLB allows banks to affiliate with securities and insurance enterprises through the creation of Financial Holding Companies (FHC) and attempts to address the inefficiency, lack of uniformity, reciprocity and coordination within the existing multi-state insurance regulatory system. GLB imposes requirements on financial institutions, including insurance companies, regarding disclosure of a consumer’s personal financial information. Federal regulations are responsible for enacting privacy standards governing banks. States are responsible for enacting standards governing the transaction of insurance. States must pass laws that are at least as stringent as the GLB requirements or the federal laws will supercede the states’ laws. Unlike many states, Arizona already has laws governing the privacy of consumers’ financial and medical information collected in the context of an insurance transaction. S.B. 1288 strengthens Arizona’s current laws bringing them into compliance with GLB and conforming other statutes to the new federal laws guarding personal information distribution.
According to DOI, there is no fiscal impact associated with this bill.
Provisions
1. Requires notification of information practices of the insurer:
a) No later than the delivery of the certificate or policy to the consumer or at the time of collection of the information if it is not from the person or from public records.
b) At least annually, in the case of continuing relationships with the policyholder.
c) At reinstatement requests, if the notice was not given in the immediately preceding twelve months.
2. Allows notification to be in electronic form if the policy holder agrees and if the notification contains specific information regarding the type of personal information collected, categories of persons to whom the producer releases personal information, and other criteria.
3. Requires that disclosures to individuals require clear, dated, and specific authorization forms that specify the recipient of the information.
4. Limits the effective dates of authorization to specific times depending on the reason for the collection of information and the duration of claims.
5. Allows policyholders to revoke the authorization of the disclosure of information.
6. Prescribes requirements for the consent of disclosure forms, including the revocation by the individuals or their authorized representatives.
7. Prohibits disclosure of information either directly or through an affiliate unless permission is given or it is necessary for:
a) Specific actions either at the behest of the policyholder or to stop the loss of insurance.
b) The recipient to perform a business function for the insurer and has a contractual obligation that prohibits the recipient from disclosing the information or using it in a way other than in the manner for which it was intended.
c) The protection of the confidentiality of the insurer’s records.
d) Prevention or detection of fraud or other malfeasance by the insured.
e) Risk control or for resolving policyholder disputes.
f) Individuals that have a legal interest in a policy of insurance, and is limited to reasonable necessary, non-medical information and is necessary for the individual to protect their interest in the policy.
g) Persons acting as legal representatives of the individual.
h) Providing information to a number of professional organizations and individuals that audits or otherwise rates an insurer and assesses compliance with industry standards.
i) Complying with other federal, state or local laws, in response to an investigation related to public safety, or other civil, criminal or regulatory investigation.
j) Reporting to a consumer-reporting agency in accordance with federal law.
8. Changes the service of process to certified mail.
9. Mandates that violation of S.B. 1288 constitutes an unfair trade practice.
10. Prohibits discrimination based on individual’s authorizing or opting out from the disclosure of information, including medical records information.
11. Permits insurers to comply by meeting requirements of the Federal Health Insurance Portability and Accountability Act Privacy Rule.
12. Makes technical and conforming changes.
13. Prescribes new definitions and retains existing definition of personal information which includes financial and medical information.
14. Provides for a general effective date.
Prepared by Senate Staff
February 20, 2001