DFS-29-13-00001-E Confidentiality Protocols for Victims of Domestic Violence and Endangered Individuals  

In addition, on October 25, 2012, Governor Andrew M. Cuomo signed into law Chapter 491 of the Laws of 2012, effective January 1, 2013, Part E of which amends Insurance Law § 2612 to require a health insurer to accommodate a reasonable request made by a person covered by an insurance policy or contract issued by the health insurer to receive communications of claim related information from the health insurer by alternative means or at alternative locations if the person clearly states that disclosure of all or part of the information could endanger the person. Except with the express consent of the person making the request, the amendment prohibits a health insurer from disclosing to the policyholder: (1) the address, telephone number, or any other personally identifying information of the person who made the request or child for whose benefit a request was made; (2) the nature of the health care services provided; or (3) the name or address of the provider of the covered services.

Insurance Law § 2612 requires the Superintendent, in consultation with the Commissioner of Health, Office of Children and Family Services, and Office for the Prevention of Domestic Violence, to promulgate rules to guide and enable insurers to guard against the disclosure of the confidential information protected by § 2612. Section 2612 provides important protections to persons who may be subject to domestic violence.

For the reasons stated above, emergency action is necessary for the general welfare.

1. Statutory authority: Financial Services Law §§ 202 and 302 and Insurance Law §§ 301 and 2612. Insurance Law § 301 and Financial Services Law §§ 202 and 302 authorize the Superintendent of Financial Services (the “Superintendent”) to prescribe regulations interpreting the provisions of the Insurance Law and to effectuate any power granted to the Superintendent under the Insurance Law. Insurance Law § 2612 requires the Superintendent to promulgate rules to guide and enable insurers (as § 2612 defines that term, which includes health maintenance organizations as well as agents, representatives, and designees of the insurers that are regulated under the Insurance Law) to guard against the disclosure of the confidential information protected by Insurance Law § 2612.

2. Legislative objectives: Insurance Law § 2612, with respect to every insurer regulated under the Insurance Law, provides in relevant part that if any person covered by an insurance policy delivers to the insurer a valid order of protection against the policyholder or other covered person, then the insurer cannot, for the duration of the order, disclose to the policyholder or other person the address and telephone number of the insured, or of any person or entity providing covered services to the insured. Section 2612 also requires a health insurer, as defined in that section, to accommodate a reasonable request made by a person covered by an insurance policy or contract to receive communications of claim-related information by alternative means or at alternative locations if the person clearly states that disclosure of the information could endanger the person. This section further prohibits a health insurer from disclosing certain information to the policyholder.

The Legislature enacted Insurance Law § 2612, and amendments thereto, to protect domestic violence victims and to ensure that an abuser has one less record that the abuser may use to track down the victim. This rule is consistent with the public policy objectives the Legislature sought to advance by enacting § 2612, because the rule helps to protect domestic violence victims by guiding and enabling insurers to guard against the disclosure of the confidential information protected by § 2612.

3. Needs and benefits: Insurance Law § 2612 requires the Superintendent, in consultation with the Commissioner of Health, Office of Children and Family Services, and Office for the Prevention of Domestic Violence, to promulgate rules to guide and enable insurers to guard against the disclosure of the confidential information protected by Insurance Law § 2612. Therefore, after consultation with the Commissioner of Health, the Office of Children and Family Services, and the Office for the Prevention of Domestic Violence, the Superintendent drafted this rule to guide and enable insurers to guard against disclosure.

4. Costs: The rule may impose compliance costs on insurers because it requires insurers to develop confidentiality protocols and provide certain notices. However, such costs are difficult to estimate and will vary depending upon a number of factors, including the size of the insurer. In fact, insurers already should be complying with the existing requirements of the statute. Moreover, the rule is designed to provide flexibility to insurers and does not prescribe the way in which an insurer must provide the notices, but rather leaves the method up to each insurer. In addition, an agent, representative, or designee of an insurer that is regulated pursuant to the Insurance Law need not establish its own protocol or give certain notices, provided that it follows the protocol of the insurer. In any event, the requirement that insurers may not disclose the information protected by Insurance Law § 2612 is mandated by the statute itself, not the rule.

The Department does not anticipate significant additional costs to the Department to implement the rule. The Department will monitor compliance with the rule as part of its market conduct examinations of insurers and consumer complaint handling procedures.

The regulation does not impose compliance costs on state or local governments because it is not applicable to them.

5. Local government mandates: This rule does not impose any program, service, duty, or responsibility upon any county, city, town, village, school district, fire district, or other special district.

6. Paperwork: The rule requires an insurer to notify its employees, agents, representatives, or other persons with whom the insurer contracts or who have gained access to the information from the insurer, with regard to the solicitation, negotiation, or sale of insurance or the adjustment or administration of insurance claims, that the insurer’s confidentiality protocol is to be followed for the specified victim of domestic violence or covered individual, within three business days of receipt of a valid order of protection and an alternative address, telephone number, or other method of contact, or receipt of a reasonable request with regard to a health insurer.

The rule also requires a health insurer to annually provide all its participating health service providers with a description of Insurance Law § 2612, certain information contained within the insurer’s confidentiality protocol, and the phone number of the New York State Domestic and Sexual Violence Hotline.

7. Duplication: The rule does not duplicate, overlap, or conflict with any state rules or other legal requirements. The rule may overlap with the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended, and may impose additional requirements that are not set forth in HIPAA. However, the rule does not conflict with HIPAA.

8. Alternatives: There were no significant alternatives to consider.

9. Federal standards: HIPAA sets forth rules for restricting the use and disclosure of certain health information and permits an individual to make a request to a health plan to receive communications of protected health information from the health plan by alternative means or at alternative locations if the individual clearly states that the disclosure of all or part of the information could endanger the individual. Insurance Law § 2612, as amended by Chapter 491, and this rule, are consistent with HIPAA. However, § 2612 and the rule may impose additional requirements that are not set forth in HIPAA. For example, the rule sets forth required elements of a confidentiality protocol and requires insurers to provide notice of their confidentiality protocols and of Insurance Law § 2612 by posting certain information on their websites.

10. Compliance schedule: The existing statute already requires an insurer to protect certain information when a person provides the insurer with an order of protection. The new requirements of Insurance Law § 2612 took effect on January 1, 2013. By July 1, 2013, an insurer must post certain information on its website. Accordingly, this emergency rule takes effect upon filing with the Secretary of State.

1. Effect of rule: The rule will not affect any local governments. It will affect regulated insurers, most of which do not come within the definition of “small business” as set forth in State Administrative Procedure Act § 102(8), because they are not independently owned and operated and employ less than one hundred individuals. The rule also would affect insurance producers and independent insurance adjusters, the vast majority of which are small businesses, because they are independently owned and operated and employ one hundred or less individuals. There are over 200,000 licensed resident and non-resident insurance producers and over 15,000 licensed resident and non-resident independent insurance adjusters in New York that the rule will affect. The Department does not have a record of the exact number of small businesses included in that group. The Department has designed the regulation to place the least burden possible on insurance producers and independent insurance adjusters, as discussed below.

2. Compliance requirements: Insurance Law § 2612(c)(2) and (h)(1)(A) define “insurer” and “health insurer,” respectively, to include an agent, representative, or designee of an insurer, a corporation organized pursuant to Insurance Law Article 43, a health maintenance organization (“HMO”), a municipal cooperative health benefit plan, or a provider issued a special certificate of authority pursuant to Public Health Law § 4403-a, who is regulated pursuant to the Insurance Law. The rule requires insurers (including health insurers) to develop and implement confidentiality protocols that include written procedures that their employees, agents, representatives, or any other persons with whom the insurers contract or who have gained access to the information from the insurers, with regard to the solicitation, negotiation, or sale of insurance or the adjustment or administration of insurance claims, must follow. The rule also requires insurers to post certain information on their websites. Since, an agent, representative, or designee who is regulated pursuant to the Insurance Law is included in the definitions of “insurer” and “health insurer,” these requirements apply to insurance agents and independent insurance adjusters. In certain cases, insurance brokers may act on behalf of insurers, such as when they administer insurance programs for the insurers, and thus the rule would apply to brokers as well. Furthermore, the rule prohibits any person subject to the Insurance Law from engaging in any practice that would prevent or hamper the orderly working of the rule in accomplishing its intended purpose of protecting victims of domestic violence and covered individuals.

However, the Department has attempted to minimize the impact of the rule on insurance producers and independent insurance adjusters by including language that states that an agent, representative, or designee of an insurer, a corporation, an HMO, or a provider, who is regulated pursuant to the Insurance Law, need not develop its own confidentiality protocol if the agent, representative, or designee follows the protocol of the insurer, corporation, HMO, or provider. Nor does a producer or an adjuster who follows the protocol of the insurer, corporation, HMO, or provider need to post certain information on its website.

3. Professional services: The rule would not require an insurance producer or independent insurance adjuster to use professional services.

4. Compliance costs: The rule will not impose any compliance costs on local governments. Insurance producers and independent insurance adjusters, many of whom are small businesses, may incur additional costs of compliance, but they should be minimal. The cost to a producer or an adjuster will be associated primarily with developing and implementing a confidentiality protocol, unless the producer or adjuster chooses to follow the protocol of the insurer, corporation, HMO, or provider.

5. Economic and technological feasibility: Local governments will not incur an economic or technological impact as a result of this rule. Insurance producers and independent insurance adjusters, many of whom are small businesses, will not have to purchase any new technology to comply with the rule.

6. Minimizing adverse impact: The rule applies to the insurance market throughout New York State. In accordance with Insurance Law § 2612, the same requirements will apply to all insurance producers and independent insurance adjusters, so the rule does not impose any adverse or disparate impact on small businesses. Further, the Department has designed the regulation to place the least burden possible on an insurance producer or insurance adjuster by allowing the producer or adjuster to follow the protocol of the insurer, corporation, HMO, or provider, rather than develop its own protocol.

7. Small business and local government participation: Small businesses and local governments will have an opportunity to participate in the rule making process when the rule is published in the State Register.

1. Types and estimated numbers of rural areas: Insurers, insurance producers, and independent insurance adjusters affected by this rule operate in every county in this state, including rural areas as defined under State Administrative Procedure Act (“SAPA”) § 102(10).

2. Reporting, recordkeeping and other compliance requirements; and professional services: The rule requires insurers located in rural areas (as Insurance Law § 2612 defines that term, which includes health maintenance organizations as well as agents, representatives, and designees of the insurers who are regulated under the Insurance Law) to develop and implement confidentiality protocols that include written procedures that their employees, agents, representatives, or any other persons with whom the insurers contract or who have gained access to the information from the insurers, with regard to the solicitation, negotiation, or sale of insurance or the adjustment or administration of insurance claims, must follow. The rule also requires insurers to post certain information on their websites.

However, the Department has attempted to minimize the impact of the rule on insurance producers and independent insurance adjusters located in rural areas by including language that states that an agent, representative, or designee of an insurer, a corporation, an HMO, or a provider, who is regulated pursuant to the Insurance Law, need not develop its own confidentiality protocol if the agent, representative, or designee follows the protocol of the insurer, corporation, HMO, or provider. Nor does a producer or an adjuster who follows the protocol of the insurer, corporation, HMO, or provider need to post certain information on its website.

The rule would not require an insurer, insurance producer, or independent insurance adjuster located in a rural area to use professional services.

3. Costs: Insurers, insurance producers, and independent insurance adjusters located in rural areas may incur additional costs of compliance, but they should be minimal. The cost to an insurer, producer, or adjuster located in rural areas will be associated primarily with developing and implementing a confidentiality protocol. However, a producer or adjuster may choose to follow the protocol of the insurer, corporation, HMO, or provider.

4. Minimizing adverse impact: The rule applies to the insurance market throughout New York State. In accordance with Insurance Law § 2612, the same requirements will apply to all insurers, insurance producers, and independent insurance adjusters, so the rule does not impose any adverse or disparate impact on insurers, insurance producers, or independent insurance adjusters in rural areas.

5. Rural area participation: Insurers, insurance producers, and independent insurance adjusters located in rural areas will have an opportunity to participate in the rule making process when the rule is published in the State Register.

The Department of Financial Services finds that this rule should have no impact on jobs and employment opportunities. As required by Insurance Law § 2612, the rule establishes certain limited requirements to guide and enable insurers to guard against the disclosure of the confidential information protected by § 2612.