1 / 24

Insurance Claims and Privacy: A Rapidly Changing Landscape

Insurance Claims and Privacy: A Rapidly Changing Landscape. Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario CICMA and CIAA Joint Conference February 3, 2004. Impetus for Change. Growth of privacy as a global issue EU Directive on Data Protection

Thomas
Télécharger la présentation

Insurance Claims and Privacy: A Rapidly Changing Landscape

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Insurance Claims and Privacy: A Rapidly Changing Landscape Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario CICMA and CIAA Joint Conference February 3, 2004

  2. Impetusfor Change • Growth of privacy as a global issue • EU Directive on Data Protection • Increasing amounts of personal data collected, consolidated, aggregated • Consumer backlash; heightened consumer expectations

  3. Importance of Consumer Trust • In the post-9/11 world: • Consumers either as concerned or more concerned about online privacy • Concerns focused on the business use of personal information, not new government surveillance powers • If consumers have confidence in a company’s privacy practices, they are more likely to: • Increase volume of business with company…….... 91% • Increase frequency of business……………….…... 90% • Stop doing business with company if PI misused…83% Harris/Westin Poll, Nov. 2001 & Feb. 2002

  4. How The Public Divides on Privacy The “Privacy Dynamic” - Battle Dr. Alan Westin for the minds of the pragmatists

  5. Information Privacy Defined • Information Privacy: Data Protection • Freedom of choice; control; informational self-determination • Personal control over the collection, use and disclosure of any recorded information about an identifiable individual

  6. Fair Information Practices:A Brief History • OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data • EU Directive on Data Protection • CSA Model Code for the Protection of Personal Information • Canada Personal Information Protection and Electronic Documents Act (PIPEDA)

  7. Summary of Fair Information Practices • Accountability • Identifying Purposes • Consent • Limiting Collection • Limiting Use, Disclosure, Retention • Accuracy • Safeguards • Openness • Individual Access • Challenging Compliance

  8. Federal Private-Sector Privacy Legislation • Personal Information Protection and Electronic Document Act(PIPEDA) • Staggered implementation: • Federally regulated businesses, 2001 • Federal health sector, 2002 • Provincially regulated private sector, 2004

  9. Extension of PIPEDA • As of January 1, 2004, PIPEDA has extended to:  all personal information collected, used or disclosed in the course of commercial activities by provincially regulated organizations (including insurance companies and independent insurance adjusters)  unless a substantially similar provincial privacy law is in force

  10. Provincial Private-Sector Privacy Laws Québec: Act respecting the protection of personal information in the private sector B.C.: Personal Information Protection Act Alberta:Personal Information Protection Act Ontario: draft Privacy of Personal Information Act, 2002 – not introduced…so PIPEDA applies

  11. PIPEDA – General Consent Rule • Assume insurance company and adjuster are in Ontario (PIPEDA applies) • Knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate • In insurance claims where there is no suspicion of fraud, adjuster should only collect, use and disclose personal information with knowledge and consent of policyholder

  12. Fraud Investigations • Privacy is not an absolute right – it needs to be balanced against other interests • PIPEDA recognizes public interest in collecting, using and disclosing personal information without knowledge and consent of individual for fraud investigations

  13. Consent Exceptions in PIPEDA • “Investigative bodies” designated in regulations may receive and disclose personal information without knowledge and consent of individual to investigate a breach of an agreement or a contravention of the laws of Canada or a province

  14. PIPEDA Regulations • November 6, 2003 – Industry Canada issued notice to amend PIPEDA regulations to include additional organizations as “investigative bodies” • Insurance adjusters and private investigators included in proposed list (among others) • Amended regulation expected to come into effect very soon (within the next month)

  15. Protecting Privacy During Investigations • “Investigative body” status will not give insurance adjusters unlimited power to collect, use and disclose personal information without consent • Adjusters should only collect, use and disclose minimum amount of personal information necessary for purposes of investigation • They should also ensure that any third parties that are retained (e.g., private investigators) do not violate privacy laws when assisting with claims investigations

  16. Personal Health Information • For some claims, insurance adjusters collect, use and disclose policyholder’s personal health information (PHI), which is considered highly sensitive • Justice Krever’s Report on the Confidentiality of Health Information, 1980 • The IPC has been calling for legislation to protect personal health information since 1987

  17. Provincial Health Privacy Laws Alberta Health Information Act Manitoba Personal Health Information Act Saskatchewan Health Information Protection Act

  18. Ontario: Health Information Protection Act, 2003 (HIPA) • Ontario government introduced health privacy bill (Bill 31) on December 17, 2003 • Referred to Standing Committee on General Government, which is currently holding public hearings and receiving submissions • Expected to come into effect July, 2004

  19. General Principles • HIPA establishes rules governing the collection, use and disclosure of personal health information by health information custodians and other persons • Health information custodians are defined as persons who have custody or control of personal health information as a result of the work that they do or in connection with the powers or duties they perform

  20. Consent • HIPA allows for implied consent for disclosure of PHI within a patient’s circle of care (e.g., from a family physician to a specialist or a lab for testing) • HIPA requires express consent for disclosure of PHI outside the circle of care (e.g., from a family physician to an insurance adjuster)

  21. Disclosure Without Consent • HIPA allows health information custodians to disclose PHI without consent only in specific and limited circumstances (e.g., to reduce a risk of serious bodily harm to a group of persons) • Section 42 of HIPA deals with disclosures related to HIPA and other Acts

  22. Investigations – Section 42(1)(g) • Section 42(1)(g) of HIPA allows a health information custodian to disclose personal information about an individual “ … to a person carrying out an inspection, investigation or similar procedure that is authorized by a warrant or under an Act of Ontario or Canada for the purpose of complying with the warrant or that Act.”

  23. Final Thought • The privacy landscape is rapidly changing • Be aware of both PIPEDA and Ontario’s proposed health privacy legislation (HIPA) when investigating and settling insurance claims

  24. How to Contact Us Commissioner Ann Cavoukian Information & Privacy Commissioner/Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario M5S 2V1 Phone: (416) 326-3333 Web: www.ipc.on.ca E-mail: commissioner@ipc.on.ca

More Related