• E-mail
• Print
• RSS

Is an authorization ever required for underwriting purposes?

HIPAA Weekly Advisor, September 5, 2005

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

The HHS commentary states that covered entities must obtain the individual's authorization to use or disclose PHI for the purpose of making eligibility or enrollment determinations or for underwriting or risk-rating determinations, prior to the individual's enrollment in a health plan (that is, for purposes of preenrollment underwriting).

For example, if an individual applies for new coverage with a health plan in the nongroup market and the health plan wants to review PHI from the individual's covered healthcare providers before extending an offer of coverage, the individual first must authorize the covered providers to share the information with the health plan.

If the individual applies for renewal of existing coverage, however, the health plan would not need to obtain an authorization to review its existing claims records about that individual, because this activity would come within the definition of healthcare operations and be permissible.

HHS also notes that a group health plan and a health insurance issuer that provides benefits with respect to a group health plan are permitted, in certain circumstances, to disclose summary health information to the plan sponsor for the purpose of obtaining premium bids. Because these disclosures fall within the definition of healthcare operations, they do not require authorization.

Go to Section 164.508(a) Authorizations for Uses and Disclosures of the Bricker & Eckler Web site for more information.

Editor's note: Attorneys from Bricker & Eckler, LLP, answered this question. This is not legal advice. Consult with your attorney for legal matters.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive