Over the past several years the insurance industry has seen the enactment of many new privacy related statutes and regulations such as Gramm-Leach-Bliley, the NAIC Medical Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Department of Health and Human Services Medical Privacy Regulations (HHS Privacy Rule). Each of these statutes or regulations has introduced higher degrees of accountability on the use of personal information by both furnishers and users.

The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) establishes, for the first time, a set of national standards for the protection of certain health information. The U. S. Department of Health and Human Services (HHS) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Privacy Rule standards address the use and disclosure of individuals’ health information- called “protected health information” by organizations subject to the Privacy Rule – called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (OCR) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.

A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. Given that the health care marketplace is diverse, the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed.

Accordingly, as of
April 14, 2003, very specific criteria must be included in a valid release of medical information authorization. The standard authorizations currently contained in our applications and claim forms are not sufficient for compliance with the HIPAA guidelines. We have developed a medical records release authorization form MLIC-HIPAA-04-03 which is HIPAA compliant.

As of April 14, 2003, when filing an application for insurance or a claim for benefits it will be necessary to have form MLIC-HIPAA-04-03 completed by the insured or authorized representative of the insured. This will be in addition to the standard application or claim form. In the event it is necessary to obtain medical records for determining eligibility for insurance coverage or claim benefits, a completed form MLIC-HIPAA-04-03 will be required before the medical provider will release the information to us. Please be aware, there may be times when individual providers will require their own release to be signed.

If you have any questions, please contact our home office.