Secret identity: insurers have spent countless hours working to meet policyholder privacy requirements. Now the results are paying off in customer satisfaction and retention. (Industry Strategies).Protecting policyholders' privacy to comply with two new lawas and in response to consumer concerns has been a major challenge for insurers for several years. Nearly a year after the deadline for compliance with the Financial Services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. Modernization modernization Transformation of a society from a rural and agrarian condition to a secular, urban, and industrial one. It is closely linked with industrialization. As societies modernize, the individual becomes increasingly important, gradually replacing the family, Act of 1999, many insurers are focused on making sure their financial-privacy practices continue to follow the rules. They're also investing time and money in preparing to meet next year's compliance deadline for the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when of 1996. Most insurers believe the new requirements have had a positive effect. In addition, they believe the result is increased customer satisfaction, greater customer loyalty and higher retention, because customers know their personal financial information is secure. In Compliance Insurers were busy last year preparing and mailing thousands of financial-privacy notices to consumers. The Financial Services Act, better known as Gramm-Leach-Bliley, allows financial institutions, such as banks, insurers and securities firms, to affiliate under one corporate roof. It also established rules to give consumers more control over disclosure of their personal financial information. Under the act, financial institutions must send customers annual notice of their information-sharing policies and give customers the ability to "opt-out," or direct their bank or insurer not to share their nonpublic personal information to third parties for marketing purposes. Allstate Insurance Co. began its compliance efforts with the creation of a multidisciplinary mul·ti·dis·ci·pli·nar·y adj. Of, relating to, or making use of several disciplines at once: a multidisciplinary approach to teaching. task force to study the company's cross-organizational practice of collecting and using customer information. From the task force's findings, legally compliant privacy notices were written and mailed to policyholders beginning in January 2001. Allstate plans to ensure that all practices described in the notices are carried out and to keep a watchful watch·ful adj. 1. Closely observant or alert; vigilant: kept a watchful eye on the clock. See Synonyms at aware, careful. 2. Archaic Not sleeping; awake. eye on state-by-state variances of privacy regulations that could affect language and the way notices will be sent in the future. Columbus, Ohio-based Nationwide Insurance Co. has been preparing for Gramm-Leach-Bliley compliance for several years. The company assembled a cross-functional team In business, a cross-functional team is a group of people with different functional expertise working toward a common goal. It may include people from finance, marketing, operations, and human resources departments. of nearly 200 employees to concentrate on getting notices out by the July 1, 2001, deadline, amending contracts and notifying business partners that they, too, had privacy responsibilities. Gramm-Leach-Bliley requires that business partners be in compliance with federal and state privacy laws. To meet the requirement, Nationwide defaulted to signed contracts, but the insurer plans to establish a more formal process in the coming months. Nationwide is now educating employees about privacy practices and plans to roll out an online "privacy university" later this year. The program will include a general educational module providing a privacy overview and legal information and more specialized modules geared to individual departments and featuring real-life scenarios in which employees are asked questions about how they would handle hypothetical situations. Minnesota-based St. Paul St. Paul as a missionary he fearlessly confronts the “perils of waters, of robbers, in the city, in the wilderness.” [N.T.: II Cor. 11:26] See : Bravery Cos. took a somewhat different approach. After identifying seven business units with about 207,000 affected policyholders, the company modified its systems to automatically generate privacy notices to these policyholders by the July 1 deadline. "Our privacy compliance efforts were made easier, because we're predominantly a commercial insurer that, with regards to Gramm-Leach-Bliley and the NAIC NAIC See National Association of Investors Corporation (NAIC). regulation, didn't have the magnitude of policyholders that a larger insurer had, and traditionally we have been very conservative in the way we market customer information to third parties. The bottom line is, we don't do it," said Jeff Slack, assistant vice president and senior regulatory counsel. These two factors made St. Paul's
Overall, insurers met the compliance process head-on and "most, if not all, companies got the July 1, 2001, initial privacy notices out' said Scott Harrison Scott Harrison (born August 19 1977) was the first Scottish boxer to regain the World Boxing Organisation featherweight championship. Life Scott Harrison was born in Bellshill, Lanarkshire, but lived most of his life in Cambuslang. , partner in charge of the insurance regulatory practice for the professional services (job) professional services - A department of a supplier providing consultancy and programming manpower for the supplier's products. firm KPMG KPMG Klynveld Peat Marwick Goerdeler (accounting firm) KPMG Kaiser Permanente Medical Group KPMG Keiner Prüft Mehr Genau (German) KPMG Kommen Prüfen Meckern Gehen LLP LLP - Lower Layer Protocol . He believes the industry is now facing several new challenges, however, including dealing with security requirements contained in the statute. New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of has taken the lead to promulgate To officially announce, to publish, to make known to the public; to formally announce a statute or a decision by a court. a specific security regulation modeled after the federal guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. adopted last year by various federal banking regulatory affiliates, he said. Insurers, such as Louisville, Ky.-based Humana Inc., are assessing security systems and ensuring that privacy and protection processes are in place. Humana also will look at new technologies, such as secure messaging or encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. systems, that will assist in the privacy protection process. Overcoming Challenges While most insurers seamlessly moved into Gramm-Leach-Bliley privacy compliance, there were a few bumps along the way. The extra time, effort and money needed to come into compliance were felt by some insurers. "Whenever you have something that affects the entire enterprise, it takes time to ensure you are touching all necessary bases and doing all you have to do to comply with the law and serve the needs of your customers," said JoAnne Kron, counsel, law and regulation for Allstate Insurance Co. State regulations are adding some extra wrinkles wrinkles See bells and whistles. in the privacy patchwork. If a state privacy regulation is more stringent than those in Gramm-Leach-Bliley, it takes precedence The order in which an expression is processed. Mathematical precedence is normally: 1. unary + and - signs 2. exponentiation 3. multiplication and division 4. over the federal law. "Many of the larger companies are dealing with how each state is going to interpret Gramm-Leach-Bliley within its own regulatory framework," said Karen Skarupski, associate general counsel for Erie, Pa.-based Erie Insurance Co. "It has become a huge compliance issue for many companies, because we are regulated by each state, as opposed to many banks which have only one primary regulator regulator, n the mechanical part of a gas delivery system that controls gas pressure that allows a manageable flow of drug vapor to escape. regulator see reducing valve. ." In addition, some states have not yet finalized See finalization. rules, which poses difficulties for insurers within those jurisdictions. One example is California, where a handful of proposals call for regulations stricter than those in Gramm-Leach-Bliley, including some that target an "opt-in" approach, in which information can't be disclosed unless consumers take affirmative steps to agree, rather than the "opt-out" requirement in the act. The industry also is faced with the added expense of the compliance process. Industry officials estimate that final privacy compliance costs could be as high as $1 billion to $2 billion, resulting from employee labor, mailing costs and countless additional expenses. Nationwide estimated its privacy compliance spending at about $10 million in hard costs, including mass mailings and educational programs. The company projects it will continue to spend between $3 million and $4 million annually on privacy-related processes. Many insurers, however, said compliance expenses were not material enough to warrant disclosure. In addition, many said these added expenses were well below those spent on becoming Y2K-compliant. Recognizing the Benefits Despite the challenges, insurers agree the overall transition process of becoming compliant was relatively smooth. "We didn't experience any insurmountable obstacles along the way," said Jack Armstrong Jack Armstrong may refer to:
Another benefit of complying with privacy regulations is a clearer respect for consumers' information. "Most people knew what the right thing was, but now the regulations institutionalized in·sti·tu·tion·al·ize tr.v. in·sti·tu·tion·al·ized, in·sti·tu·tion·al·iz·ing, in·sti·tu·tion·al·iz·es 1. a. To make into, treat as, or give the character of an institution to. b. what the right thing is," said Kirk Herath, chief privacy officer for Nationwide. "The whole purpose of business boils down to one thing--trust. And if customers don't trust a company to use their personal information appropriately, they're unlikely to stay customers for long." St. Paul's privacy notices assure customers m writing that the insurer has a very conservative position in protecting policyholders' personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. , said Slack. "Judging from the lack of customer calls or complaints since we began mailing notices, we think privacy has been a good selling point selling point n. An aspect of a product or service that is stressed in advertising or marketing. Noun 1. selling point - a characteristic of something that is up for sale that makes it attractive to potential customers for us," he said. In addition to increased customer satisfaction, insurers point to a greater level of customer loyalty and retention as a major benefit of having privacy regulations in place. "The rules are a constant reminder that we have to keep customers' information private," said Allstate's Kron. "And while this may sound obvious, the message may sometimes get lost in everyone's effort to do their job and focus on consumers needs." Preparing for HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, Protecting consumers' health information is a focus of HIPAA, and insurers are gearing up for the April 14, 2003, deadline for compliance with the act's medical privacy provisions. "People generally have three main concerns from a privacy standpoint-- online privacy, identity theft and protection of health information," said Ira Friedman, chief privacy officer and special counsel for MetLife, New York. "HIPAA has hit one of these major areas, and it has become one of MetLife's top efforts to make sure we are in compliance with the act when the deadline comes around." Washington, D.C.-based Blue Gross Blue Shield Blue Shield A US not-for-profit health care insurer that is a reimbursement intermediary for physicians. Cf Blue Cross. Association also plans to be in full compliance by the deadline, said Alissa Fox, executive director of privacy. "While there may be some unintended consequences For the "Law of unintended consequences", see Unintended consequence Unintended Consequences is a novel by author John Ross, first published in 1996 by Accurate Press. that will surface over the next year, we want to make sure the process is as hassle-free as possible." In the next several months, insurers will identify strategies they need to become compliant. "This generally involves a lot of the same internal communication issues they had in respect to Gramm-Leach-Bliley, such as identifying who within the organization has access to information," said KPMG's Harrison. Blue Gross Blue Shield plans, for example, will continue performing gap analysis on their own privacy practices to study what they are currently doing to protect privacy, what the regulation requires and how it compares with current practices. "This will help us evaluate what gaps we need to fill," said Fox. In the end, insurers hope compliance will provide added security for what many believe is the most important information to protect. "Society places a very high premium on health information--holding it as something that demands the utmost care by insurance companies and providers alike," Harrison said. "Payors understand this, so that is why I believe companies are striving to get HIPAA right the first time around." State vs. Federal Some insurers are concerned about what will happen if more states impose stricter rules than those outlined by Gramm-Leach-Bliley. "The sentiment of Congress appears to be to give time for the industry and the marketplace to adjust to the requirements of Gramm-Leach-Bliley and see if the controls now in place are sufficient to protect consumers from unwanted disclosure of information," Harrison said. Insurers hope that attitude prevails. While most were content to embrace the Gramm-Leach-Bliley approach, they believe more time is needed before Congress and states should begin contemplating changes to the financial-privacy rules. "I hope before the government goes a step further, it gives us a couple years to let the machine work before they tinker with it," said Nationwide's Herath. "While the system is not perfect, as no system ever is I'm fearful that if they go too far, it may possibly bring more harm than good to the business." Insurers need to try to do the right thing while still trying to stay solvent in today's tough economy, he added. Insurers also are concerned that states will continue to compete with one another to outdo Gramm-Leach-Bliley, which they believe will hinder hin·der 1 v. hin·dered, hin·der·ing, hin·ders v.tr. 1. To be or get in the way of. 2. To obstruct or delay the progress of. v.intr. the system. Potential Powder Keg powder keg n. 1. A small cask for holding gunpowder or other explosives. 2. A potentially explosive situation or thing. powder keg Noun 1. MetLife's Friedman said one of the negative things the act did for consumers and companies was to allow states to impose greater restrictions than the federal rule. "That's going to lead to a number of states that will take Congress up on that. California, although well-intentioned, is headed in that direction," he said Friedman also believes that increased state-to-state variation of financial privacy will be both expensive for insurers and confusing for consumers, who would be subject to an even greater number of privacy notices from various organizations. Dr. Donald Young Donald Young may refer to:
n.pr the abbreviation for Health Insurance Association of America. , which is working with the Department of Health and Human Services Noun 1. Department of Health and Human Services - the United States federal department that administers all federal programs dealing with health and welfare; created in 1979 Health and Human Services, HHS to clarify what it believes are some ambiguous areas in the HIPAA standards, is concerned that the result will be a new set of requirements, such as an "opt-in" approach for information. "At the federal level, the clarification of intent and rules are spelled out. Insurers know what they are and continue to try to simplify them," he said. At the state level, the association is lobbying for one set of clear federal rules, "not 51 sets," Young said. Better Communication Although the future of financial privacy continues to be a "wait-and-see" game, some insurers believe other financial privacy-related changes may arise. Some insurers believe the language and complexity of financial-privacy notices will take a 180-degree turn in the future. Several groups, including the National Association of Insurance Commissioners The National Association of Insurance Commissioners (NAIC) is an Internal Revenue Code Section 501(c)(3) non-profit organization which seeks to organize the regulatory and supervisory efforts of the various state insurance commissioners from around the United States. , are exploring options to simplify notices and make them more "consumer-friendly." "Policymakers are beginning to step back and consider letting companies communicate only the most important information, which results in better communication, and we hope to see sets of rules that will enable companies to simplify notices," said MetLife's Friedman. He said he worries that if states compete to "trump Gramin-Leach-Bliley," compliance notices will become even more complicated and will not be in the best interest of customers. While some states continue to explore fostering their own privacy rules, the focus at the federal level has shifted since Sept. 11 from consumer protection to governmental needs for information, "However, l think the overall focus is still there, and if it has receded a little on the federal level, we see signs that consumer privacy is coming back on the federal agenda," Friedman said. RELATED ARTICLE: Insurers Keep Watchful Eye on California More than enough financial-privacy regulations have been proposed in California to keep insurers on an apprehensive watch for what the result may be. Several legislators, state departments and even the state governor are looking to impose new privacy rules in California that would be more stringent than those set forth in the Financial Services Modernization Act of 1999, better known as Gramm-Leach-Bliley. Gramm-Leach-Bliley allows corporate affiliation of financial institutions, including banks, brokerage firms, insurers and securities firms. Under the law, financial institutions are required to send customers annual notice of their information-sharing policies and give customers the ability to "opt out," or direct their bank or insurer not to share their nonpublic personal information with third parties for marketing purposes. Only a few states have financial-privacy rules that set an even higher standard than the act with an "opt-in" approach, in which information can't be disclosed unless consumers take affirmative steps to agree to having information disclosed. Since 1999, 40 states have considered bills that would establish privacy rules that are stricter than the Gramm-Leach-Bliley rules. None of the bills passed. California is considering several legislative regulations, including S.B. 773, which was introduced by state Sen. Jackie Speirer, D-San Francisco, and stalled on the Assembly floor in September 2001, and A.B. 1775, which was introduced by Assemblyman as·sem·bly·man n. A man who is a member of a legislative assembly. assemblyman Noun pl -men a member of a legislative assembly Noun 1. Joe Nation, D-San Rafael, earlier this year. In April, the California Assembly Banking and Finance Committee approved A.B. 1775 in a 10-to-3 vote. The bill would restrict financial institutions in their use of customers information for marketing financial products and services. In addition to the various legislative regulations, some experts speculate that California Gov. Gray Davis might offer his own privacy legislation in the near future. Whatever type of rule California drafts, some experts are speculating that the result will mean added costs for insurers. "If there's a very restrictive 'opt-in' proposal or measure that significantly restricts sharing of information among affiliates, it will probably be fairly costly for insurers," said Fred Main, senior vice president and general counsel of the California Chamber of Commerce. Restrictions would cause added expense for marketing purposes among insurers with different affiliates for different lines of insurance, because the companies would have to rely on mass marketing of products and services, rather than a target marketing approach, he said. Sam Sorich, senior vice president of the National Association of Insurance Commissioners, agreed. "The proposed regulations would certainly impede im·pede tr.v. im·ped·ed, im·ped·ing, im·pedes To retard or obstruct the progress of. See Synonyms at hinder1. [Latin imped the marketing efforts of financial-services companies and would cut off a lot of opportunities companies are now able to give to consumers around other services that can be purchased." While California's privacy provisions fall under the adopted 1982 NAIC model privacy law, an overlay (1) A preprinted, precut form placed over a screen, key or tablet for identification purposes. See keyboard template. (2) A program segment called into memory when required. of the new federal provisions and mandates applies to insurers writing in California. "This sets the stage for the California Insurance Department to do something to try to bridge that gap between two approaches--an old law and new federal requirements," said Rey Becker, vice president of property/casualty of the Alliance of American Insurers. Becker said the California privacy issue is currently moving along two tracks--a proposed regulation from the California Insurance Department and an ongoing debate within the state Legislature A state legislature may refer to a legislative branch or body of a political subdivision in a federal system. The following legislatures exist in the following political subdivisions: "Under the insurance department proposal, the good news is that it seeks to bridge the gap and make some of the changes necessary to reconcile state law with the Gramm-Leach-Bliley Act The Gramm-Leach-Bliley Act, also known as the Gramm-Leach-Bliley Financial Services Modernization Act, Pub. L. No. 106-102, 113 Stat. 1338 (November 12, 1999), is an Act of the United States Congress which repealed the Glass-Steagall Act, opening up competition ," said Becker. But he said the flip side Flip side In the context of general equities, opposite side to a proposition or position (buy, if sell is the proposition and vice versa). is that the proposed regulation attempts to regulate health information privacy--an area not covered not covered Health care adjective Referring to a procedure, test or other health service to which a policy holder or insurance beneficiary is not entitled under the terms of the policy or payment system–eg, Medicare. Cf Covered. under the federal law--and inserts a concept not stated in the act or existing state law that seeks to limit disclosure of health information to only the amount reasonably necessary to fulfill the purpose of the disclosure. In addition, Becker said that while the Gramm-Leach-Bliley Act is intended to apply only to products for personal, family or household use, the insurance department's proposal explicitly seeks to regulate commercial insurance, even though no authority is spelled out in either state or federal laws for such provisions. The other track--the legislative debate--calls for a more "opt-in" approach. "However, we think this goes overboard o·ver·board adv. Over or as if over the side of a boat or ship. Idiom: go overboard To go to extremes, especially as a result of enthusiasm. and stifles commerce by putting California at odds with how much of the rest of the country is handling the privacy issue," said Becker. This approach would make it more costly for insurers to conduct business in California, in addition to giving consumers fewer choices of products and services, because they wouldn't receive such notifications, he said. Harry W. Low, California insurance commissioner California Insurance Commissioner is an elected executive office position in California who is in charge of the California Department of Insurance. The current Insurance Commissioner is Steve Poizner. , believes many in the state are looking beyond Gramm-Leach-Bliley's "opt-out" provision to a more "opt-in" type of approach. "There's a strong public groundswell ground·swell n. 1. A sudden gathering of force, as of public opinion: a groundswell of antiwar sentiment. 2. for greater protections with a more 'opt-in' type of protection," he said. But he doesn't know whether that will translate into future legislation. Earlier this year, the National Association of Independent Insurers testified about its opposition to several points in the California Department of Insurance's proposal, including that the regulations extend requirements to business transactions and workers' compensation workers' compensation, payment by employers for some part of the cost of injuries, or in some cases of occupational diseases, received by employees in the course of their work. and that companies would be required to establish California-only notices and procedures that would create high administrative expenses for companies that would like to use the same notice in each state where they do business. Many anticipate some action to occur in one to two years. Becker believes that the industry needs to give the federal rules a chance and to delay changing or enacting new state rules. "Everyone needs to stop and take a deep breath and let the law work and see how well it serves the interests of insurers and consumers before we start tinkering tin·ker n. 1. A traveling mender of metal household utensils. 2. Chiefly British A member of any of various traditionally itinerant groups of people living especially in Scotland and Ireland; a traveler. 3. with new provisions," he said. HIPAA Still a Work in Progress Many insurers are now preparing for the April 14, 2003, compliance deadline of the Health Insurance Portability and Accountability Act of 1996. The HIPAA Privacy Rule, which creates national standards to protect individuals' personal health information and gives patients increased access to their medical records, has taken several turns over the past few years. Although the law contained a provision that gave Congress until April 21, 1999, to pass comprehensive privacy legislation, Congress failed to enact legislation by that date, and the law then called for the Department of Health and Human Services to craft rules for protecting personal health information. After reviewing more than 50,000 comments, the department published the final Standards for Privacy of Individually Identifiable Health Information on Dec. 28, 2000. The rule, which took effect April 14, 2001, specifies the obligations of health-care providers and health plans to protect health information. Most covered entities, such as health plans and health-care providers that conduct certain financial and administrative transactions electronically, must comply with the patient privacy rule by April 14, 2003. Certain small health plans have until April 14, 2004, to comply. In March 2002, Health and Human Services Noun 1. Health and Human Services - the United States federal department that administers all federal programs dealing with health and welfare; created in 1979 Department of Health and Human Services, HHS published proposed changes to its health privacy regulation to "ensure strong privacy protections while correcting unintended consequences that threatened patients' access to quality health care." The proposed modifications included such areas as consent and notice, minimum necessary and oral communication, business associates, marketing, parents and minors, uses and disclosures for research purposes and uses and disclosures for which authorizations are required. Some associations, such as the American Association American Association refers to one of the following professional baseball leagues:
The rule states that a health-care provider can share information with a patient's health plan for treatment, payment or health-care operations, but the information must be specifically for treatment, payment or operations of the provider and not the plan. AAHP AAHP American Association of Health Plans AAHP American Academy of Health Physics AAHP Arkansas Association of Health-System Pharmacists AAHP Alabama Association of Health Plans suggested, among other things, that the rule be revised to indicate clearly that the provider is allowed to share information with a health plan for payment purposes and certain health-care operations; allow a transition period of up to a year for business partners to incorporate changes needed to update contracts; and provide disease management and wellness information to members. AAHP also is concerned that not everyone will be ready to implement the rules by the deadline, estimating that one-half of the health-care community (e.g., physicians, hospitals) is still unable to catch up with those who are where they should be. AAHP believes that as the need arises, deadlines should be extended so everyone can come into compliance at the same time to create a smooth transition to a purely electronic system. ALA also suggested several changes. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the ALA, the proposed amendments don't address workers' compensation concerns that the association has raised repeatedly in formal comments to the department and in testimony before a Health and Human Services advisory committee. ALA also recommended several technical changes to clarify the issue of how non-covered entities, such as workers' comp comp See comparison. insurers, could obtain medical information from covered entities, such as providers, health plans and health-care clearinghouses. ALA said it is concerned about the "minimum necessary" standard, which remains a potential threat to the free flow of information needed to process and quickly deliver benefits for workers' comp claims. The minimum-necessary standard would establish--for the first time--a federal workers' comp rule, with enforcement subject to state and federal law, and thereby move medical-information disclosure decisions from the states to a federal agency and federal court, AIA AIA - Application Integration Architecture said. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion