Insurer Regulators Eye Personal-Data Shield

DALLAS - State insurance regulators moved a step closer Tuesday to approving a proposed model for protecting consumers' confidential financial and medical data.

A 22-member panel of the National Association of Insurance Commissioners approved a plan at the group's fall meeting here that state lawmakers or regulators could adopt to comply with the Gramm-Leach-Bliley Act of 1999. The association's board is expected to affirm the plan Sept. 26 during a teleconference call.

Federal regulators have already issued rules that are to take effect July 1, governing how banks, securities firms, and others must meet the privacy standards written into last year's financial reform law. But states, which regulate insurance companies, have lagged.

Banking industry officials at the association's conference criticized the proposal because it would go beyond Gramm-Leach-Bliley to include restrictions on the handling of personal medical information. That could mean more political hurdles lie ahead.

"If they had simply stuck with a straightforward financial privacy proposal, they would have had a chance" to get something adopted sooner, said Ken Reynolds, executive director of the Association of Banks in Insurance.

Health privacy "is such a complicated area," he said, "and it is going to trigger lobbying activities in each of the states, which will delay passage of legislation. July 1, 2001, will come and go, and the insurance industry - because NAIC created such a complicated model bill - is going to have to come into compliance without statutory and regulatory guidance. That is where the battle is going to be."

Under the proposal, insurance companies would have to give people the chance to block, or opt out of, transfers of personal financial information to most third parties. For personal health information, however, it would require insurers to obtain consent, or an opt-in, before sharing data with third parties or affiliates. As with the bank rules, insurers' compliance would be required by July.

The Consumer Federation of America on Monday issued a report condemning the plan for not going far enough. The 17-page report said the association should give people the opportunity to opt in before any confidential information is shared with third parties or affiliates.

George Nichols 3d, Kentucky's insurance commissioner and the NAIC's president, said the association does not want to be in conflict with the federal law or to create unfair competition. Gramm-Leach-Bliley established an opt-out for the sharing of personal financial information with third parties. If the association imposes tougher restrictions, he said, then insurance companies would be at a competitive disadvantage to banks and securities firms.

The plan's restrictions on medical information-sharing are not problematical, he said, because they focus on insurance companies, which produce such data.

Officials of the American Council of Life Insurers and the American Insurance Association said Tuesday that they could live with the plan, provided exceptions were preserved to prevent interference with claims processing or other operations.
