[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Financial Services Act of 1999
>
> EFFector Vol. 12, No. 2 Sep. 22, 1999
>
>
> NOTE: We apologize to those of you who will not get this alert in
> time. Some will, some will not, depending on mail queue processing
> speeds, Net lag and intermediary server delays, etc. We've issued this
> as fast as possible after gathering the necessary info.
>
> Electronic Frontier Foundation ACTION ALERT:
>
> H.R. 10 "Confidentiality" Legislation
> Undermines Medical Privacy!
>
> (Issued: Sept. 22, 1999; deadline: Sept. 23, 1999)
>
> ACTION ALERT: Proposed law (US House bill H.R. 10, the "Financial
> Services Act of 1999") would allow insurance institutions to share
> your sensitive and personally identifiable medical information without
> your knowledge or consent, to a wide variety of agencies and financial
> and research entities. H.R. 10 would actually reduce existing medical
> privacy protections!
>
> WHY YOU SHOULD CARE: The language in the provision misleadingly named
> H.R. 10's "Subtitle E: Confidentiality" (and known colloquially as
> "the Ganske Amendment") is riddled with loopholes that make your
> private medical information available to law enforcement (with no
> requirements for a warrant, only a subpoena), to vaguely defined
> "research" projects, and to virtually all affiliates of insurance
> companies, even banks, credit agencies, and debt collectors. (See text
> and analysis at end for more detail.)
> ___________________________________
>
[....]
> FULL TEXT: The text of the relevant section of the bill reads:
>
> Subtitle E--Confidentiality
>
> SEC. 351. CONFIDENTIALITY OF HEALTH AND MEDICAL INFORMATION.
> (a) IN GENERAL- A company which underwrites or sells annuities
> contracts or contracts insuring, guaranteeing, or indemnifying
> against loss, harm, damage, illness, disability, or death (other
> than credit-related insurance) and any subsidiary or affiliate
> thereof shall maintain a practice of protecting the
> confidentiality of individually identifiable customer health and
> medical and genetic information and may disclose such information
> only--
>
> (1) with the consent, or at the direction, of the customer;
> (2) for insurance underwriting and reinsuring policies, account
> administration, reporting, investigating, or preventing fraud or
> material misrepresentation, processing premium payments,
> processing insurance claims, administering insurance benefits
> (including utilization review activities), providing information
> to the customer's physician or other health care provider,
> participating in research projects, enabling the purchase,
> transfer, merger, or sale of any insurance-related business, or as
> otherwise required or specifically permitted by Federal or State
> law; or
> (3) in connection with--
>
> (A) the authorization, settlement, billing, processing, clearing,
> transferring, reconciling, or collection of amounts charged,
> debited, or otherwise paid using a debit, credit, or other payment
> card or account number, or by other payment means;
> (B) the transfer of receivables, accounts, or interest therein;
> (C) the audit of the debit, credit, or other payment information;
> (D) compliance with Federal, State, or local law;
> (E) compliance with a properly authorized civil, criminal, or
> regulatory investigation by Federal, State, or local authorities
> as governed by the requirements of this section; or
> (F) fraud protection, risk control, resolving customer disputes or
> inquiries, communicating with the person to whom the information
> relates, or reporting to consumer reporting agencies.
>
> (b) STATE ACTIONS FOR VIOLATIONS- In addition to such other remedies
> as are provided under State law, if the chief law enforcement officer
> of a State, State insurance regulator, or an official or agency
> designated by a State, has reason to believe that any person has
> violated or is violating this title, the State may bring an action to
> enjoin such violation in any appropriate United States district court
> or in any other court of competent jurisdiction.
>
> (c) EFFECTIVE DATE; SUNSET-
> (1) EFFECTIVE DATE- Except as provided in paragraph (2),
> subsection (a) shall take effect on February 1, 2000.
> (2) SUNSET- Subsection (a) shall not take effect if, or shall
> cease to be effective on and after the date on which, legislation
> is enacted that satisfies the requirements in section 264(c)(1) of
> the Health Insurance Portability and Accountability Act of 1996
> (Public Law 104-191; 110 Stat. 2033).
>
> (d) CONSULTATION- While subsection (a) is in effect, State insurance
> regulatory authorities, through the National Association of Insurance
> Commissioners, shall consult with the Secretary of Health and Human
> Services in connection with the administration of such subsection.
>
> [end excerpt]
> ___________________________________
>
> ANALYSIS: Section (a) states that in general the confidentiality of
> medical and genetic information shall be protected. Exceptions follow.
>
> Subsection (a)(2) will allow medical information to be given out by
> insurers to virtually any affiliated or assisting entities and also
> provides for personally identifiable medical data to be used for
> "research projects" without the consent of the person to whom this
> intensely revealing information pertains.
>
> Subsubsections (a)(3)(A), (C) and (F) will allow private medical
> information to be given out by insurers to credit bureaus, banks, debt
> settlement entities.
>
> Subsubsection (a)(3)(E) will allow private medical information to be
> given out to law enforcement. No provisions are present that would
> require a warrant before the information is disclosed. A simple
> administrative subpoena or other display of supposed "authorization"
> would be sufficient to obtain medical information held by insurance
> companies.
>
> _________________________________________________________________
>