MA Rule Number (7) Seven
The Company Tax and Legal Advice Policy
The Company, LLC. (AAG)
Membership Agreement Rule No. 7
Be Knowledgeable of Your Limits: Tax & Legal Advice
Offering tax or legal advice is beyond your scope as a The Company agent. In general, you may comment upon the tax treatment or features of the insurance product that is being offered. But, offering tax or legal advice is beyond your scope as a The Company agent. The Company does not give tax or legal advice and you’re not authorized to provide such advice on behalf of The Company. The Company will always recommend that individuals consult a tax and/or legal specialist that can sufficiently understand a client’s unique tax or legal requirements.
Protecting Financial Information
In November 1999, the Financial Services Modernization Act, also referred to as the Gramm-Leach-Bliley Act (GLBA) became law. Title V of GLBA contains certain provisions (“Privacy provisions”) that limit the way in which financial institutions, including insurance companies, can use information they obtain from consumers. Enforcement of the Privacy Provisions is left to the “functional regulator” of the various financial institutions. For example, the Securities and Exchange Commission (SEC) created Regulation S-P to enforce the privacy provisions for brokers and dealers, and the National Association of Insurance Commissions (NAIC) adopted a model “privacy” regulation (NAIC Model) and a model “safeguarding of information” regulation (which have been adopted in most states). The NAIC Models enforce various provisions of the GLBA for insurance companies. Among other things, the NAIC Models require that a licensee give initial and annual notices to consumers regarding the licensee’s use of “non-public personal financial information” about consumers. An insurance agent does not need to provide the notices as long as an insurance company with which the agent is appointed gives the notices. The agent must enter into a contract with the insurance company that prohibits the agent from disclosing or using consumer nonpublic personal financial information unless the disclosure or use is in connection with the agent’s performance under the contract and as permitted by the regulation. Furthermore, the agent must implement a documented information security program to safeguard nonpublic personal information in his/her possession. This security program should include administrative, technical, and physical safeguards for the protection of client information and be appropriate to the size and complexity of the agent’s business. Nonpublic personal financial information is virtually any information—other than nonpublic personal health information—about a consumer that a licensee obtains. For example, nonpublic personal financial information includes a consumer’s gender, age, phone, and Social Security number, as well as information that more obviously seems “financial,” such as information about a consumer’s income or assets.
Protecting Health Information
The NAIC Model also prohibits insurance companies, agents, TPAs, etc., from disclosing “nonpublic personal health information” about a consumer to anyone, unless the consumer authorizes the disclosure or certain provisions of the regulation permit the disclosure.
Nonpublic personal health information is information created by or derived from a health care provider or consumer, and obtained by a licensee that relates to:
- The past, present, or future physical, mental, or behavioral health of an individual
- Health care provided to an individual
- Payment for health care provided to an individual
The federal government protects consumers’ health information under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA’s Privacy Rule became effective April 14, 2003. Under HIPAA, the Department of Health and Human Services (HHS) created guidelines to protect the confidentiality and security of Protected Health Information (PHI). HIPAA applies to medical providers and health plans but does not directly apply to life and annuity operations. The rules for “health plan” operations govern a range of subjects, including who may have access to medical information, how it may be obtained, and when it may be disclosed.
Do You Sell Health Plans?
The definition of “health plan” includes the following types of insurance coverage: specified disease, long-term care, hospitalization, major medical, as well as some riders that pay for medical costs, such as a long-term care rider. Agents who sell health plans are considered “Business Members” under HIPAA because they collect and receive PHI regarding clients. Business Members must comply with the HIPAA Privacy Rule. If you sell health plans, HIPAA requires you to set up policies and procedures that limit unauthorized access to private information. This includes password-protecting computers, locking drawers and filing cabinets where PHI is stored, and ensuring that faxes, copies, and other papers containing PHI are expeditiously collected and distributed to appropriate individuals and are appropriately disposed of such as by secure shredding. When meeting “face-to-face” with clients, HIPAA has no restrictions on the types of products you may discuss. Also, HIPAA’s marketing provisions expressly allow insurers and agents to inform clients of policy upgrades, and enhancements to health-related products. However, HIPAA prohibits health plans and their agents from using PHI for cross-marketing purposes without an individual’s authorization. The information in the application for health plans is considered PHI and cannot be used to market other products. Please note that information that you did not create or receive in your capacity as an agent is not considered to be PHI. You’re allowed to maintain a card file or computer list of clients. This information should be separate from any files that you might have that contain applications and other documents that have PHI. The health plan must provide a HIPAA ‘Notice of Health Information practices” at the time of enrollment in the health plan and must remind policyholders that this notice is available at least once every three years. The notice explains policyholder rights and the health plan responsibilities under HIPAA.
Even if You Don’t Sell Health Plans
Even in situations where you’re taking an application for life insurance or other lines that are not included in the definition of “health plan” under HIPAA, it is very likely that you will be required to get a special “HIPAA compliant” authorization signed by the applicant. This is because insurance companies often must request medical information from doctors, hospitals, and other health care providers. Those providers are subject to HIPAA and cannot provide requested medical information unless they are presented with a special HIPAA compliant authorization. Similar authorizations may need to be obtained at the time any claim is submitted.