Model Act, which is law in at feast 15 states, explicitly prohibits the use of MIB reports as a basis for decisions. The NAIC act and the federal Fair Credit Reporting Act both require that insurers explain the basis for adverse underwriting decisions.
MIB takes a number of precautions to protect personal privacy while providing insurers sufficient information upon which base underwriting decisions. MIB reports do not include street addresses, telephone numbers, or Social Security numbers. Insurers are also required to provide applicants with a written notice informing them that they may make a "brief report" to MIB, identifying the uses to which MIB and its member companies may put the information, and outlining the applicant's right to demand disclosure of information held by MIB and to request that errant information be corrected. In 1995, about 163,400 people requested disclosures from MIB, resulting in corrections to 348 reports.
MIB uses a variety of mechanisms to provide security. First, the computer system is "exceptionally user unfriendly." Second, each member has a computer terminal dedicated exclusively to activities approved by MIB. Each terminal has a unique identifying code; all access to MIB is documented, and all requests and transmissions are verified. The system will disconnect from the terminal if the identification code is not recognized. It disconnects after receiving an inquiry that includes the correct code, then dials back the requester, using another code, to establish the connection for transmitting the requested information. According to MIB, all of its 200 staff members are educated regarding expectations of confidentiality, and are limited in their access to the MIB code book, computer room, and database. Member companies must make an annual pledge to protect confidentiality and must adhere to a number of specific confidentiality requirements. MIB audits its members regularly to ensure their compliance with these requirements.
SOURCE: Medical Information Bureau Inc. 1995. Medical Information Bureau: A Consumer's Guide. Medical Information Bureau Inc., Westwood, Mass., September. Additional information from Neil Day, president, and James Corbett, vice president, MIB Inc., briefing to the study committee, May 1, 1996.
This report attempts to guide the debate over the privacy and security of electronic medical information by evaluating practices for better protecting health information. To this end, the report has the following objectives: