Continuing on with a series of posts I started last week on life insurance applications I would like to discuss the necessary (by law) and often misunderstood Authorization to Obtain Information or HIPAA authorization form.
HIPAA, the Health Insurance Portability and Accountability Act, is the program that protects sensitive personal information from being used for other than the intended purpose. Even though its’ intent is to protect consumers, on occasion consumers take exception to the language in the authorization. I have even had potential clients, assuming that I am the only agent out there that requires the form, decide not to apply through me and go elsewhere in search of an agent who won’t be so potentially invasive. It’s rare, but when someone digs in their heels on the issue, they don’t buy my assertion that the same language is part of all life insurance applications through all companies and all agents.
So, what is this document? Why do people take exception to it in some cases? I have extracted a fairly common life insurance hipaa-authorization from a Banner Life term insurance application. While the documents differ some from company to company, they all have to meet the same legal requirements for language and content.
For those that do take exception to HIPAA authorization forms, and honestly they are few and far between, the first thing they take exception to is the expansiveness of the authorization. It allows the company to obtain full medical records, even from mental health facilities, and any other protected health information (protected under HIPAA) occurring during the last 10 years to the company’s agents, employees, vendors or representatives.
First let me be clear that full medical records and other health information are separate. Some try to interpret that in their favor as the company only being interested in medical records for the last 10 years and therefore only being interested in your medical history for the last 10 years. This would be a stroke of luck if you happen to have had a melanoma or a heart attack prior to 10 years ago, but that’s not the case. The company wants to know all of your medical history and the authorization allows them to obtain all of your medical records.
Another question that occasionally pops up is why the authorization is valid for two years. You may remember from previous posts about HIPAA and life insurance that policies have a two year incontestability period. Should you die during that period the authorization can be used to obtain medical records needed to ensure that the claim is valid.
This authorization also rescinds, for the purpose of this application, any private agreements you might have to restrict access to all of part of your medical records. Simply put, if you want to apply you forfeit the right to pick and choose what the insurance company can see. And finally the release is very straight forward. If you refuse to sign the authorization the company doesn’t have to process your application.
Bottom line. While the document might seem one way, it really accomplishes something for both you and the company. It allows them to get all of the information needed to fully underwrite the policy and it lays down clear limits on who can see the information and how it can be used.