Employer News: FAQ about Privacy Washington

  • What is the Gramm-Leach-Bliley Act?

    The federal Gramm-Leach-Bliley Act of 1999 (GLBA) affects financial institutions, including insurance companies and health insurance carriers (collectively known as "licensees"), and the manner in which they collect, use, and disclose nonpublic personal financial information obtained from consumers (i.e., applicants) and both current and former customers. Nonpublic personal financial information includes consumers' and customers' names, addresses, Social Security numbers, subscriber identification numbers, etc. Under the law, states' insurance departments are tasked with issuing regulations and enforcing these requirements. The compliance deadline for these requirements was July 1, 2001.

    What are the privacy provisions within the Gramm-Leach-Bliley Act?

    GLBA's privacy provisions are essentially a disclosure law that requires (1) initial and annual notices concerning the licensee's privacy practices and, if necessary, (2) notices explaining the ability of consumers and customers to "opt out" of certain disclosures. Please note Premera Blue Cross does not make any disclosures that would require an "opt out" notice. The initial privacy notice was mailed to all current contract holders (i.e., employer groups and Individual product subscribers) at the end of June 2001, and consumers will receive a copy of the notice in pre-sale materials after July 1, 2001. In addition, contract holders with active coverage will receive this notice annually.

    What is the Washington Patient Bill of Rights?

    The Washington Patient Bill of Rights (PBR) passed in March 2000. This law affects commercial individual, insured group, and public business. The implementation deadline for this law was July 1, 2001.

    What are the privacy provisions within the Washington Patient Bill of Rights?

    The Washington PBR imposes restrictions regarding the collection, use and sharing of members' personal health information, which includes but isn't limited to, name, address, phone number, Social Security number, subscriber number, status of claims and diagnosis, procedure and treatment descriptions.

    The law requires health insurance carriers to adopt policies and procedures that conform administrative, business and operational practices to protect a member's right to privacy. Health insurance carriers must also provide information about their confidentiality policies and procedures to members.

    The law also makes health insurance carriers subject to the existing state Uniform Health Care Information Act, previously applicable only to healthcare providers. That law specifically outlines the limited categories of individuals to whom a health insurance carrier may disclose personal health information without a signed specific authorization form from the individual.

    What is Protected Personal Information (PPI)?

    Premera Blue Cross has adopted the principle of Protected Personal Information to comply with both GLBA and the Washington Patient Bill of Rights. Protected Personal Information (PPI) is all information, whether oral or recorded in any form, created or received by Premera Blue Cross, our affiliates, or subsidiaries, that identifies, or can readily identify, an individual. PPI includes any data related to the past, present, or future:

    • Physical, mental or behavioral health or condition of an individual
    • Payment for healthcare services received by an individual
    • Healthcare services received by an individual
    • Finances of an individual, including, but not limited to, an individual's name, address, telephone number, Social Security number, identification number or wage information

    What is considered General PPI?

    General PPI includes:

    • Member name
    • Member address (including phone number)
    • Member date of birth
    • Member eligibility (includes active/inactive coverage status, premium payment data)
    • General benefit information (e.g., maternity is covered at 80% for preferred providers)
    • Claim status
    • Dates of service

    What is considered Sensitive PPI?

    Sensitive PPI refers to any information involving existence of a claim and/or any procedure or treatment related to the following:

    • Alcohol or chemical dependency
    • Psychiatric disorders/mental illness
    • Reproductive health (including abortion and pregnancy)
    • Sexually transmitted diseases, HIV and AIDS

    Some of our practices have not changed and are not affected by GLBA and PBR. Since they are important practices, the following is a brief reminder.

    How does this affect a parent's or guardian's ability to review or check the claims information of their child(ren)?

    Our established procedures allow us to share all general PPI with a parent or guardian. For sensitive PPI, with the exception of a diagnosis which is not discussed, a parent or guardian will need to have the child sign a release to review or check claims information or status based on the ages below:

    Diagnosis Age Release Required
    Alcohol or Chemical Dependency

    Outpatient services:

    Inpatient services:


    13 years and older

    18 years and older
    Psychiatric Disorders/Mental Illness

    Outpatient services:

    Inpatient services:


    13 years and older

    18 years and older
    Reproductive Health (including abortion and pregnancy) 14 years and older
    Sexually Transmitted Diseases, HIV and AIDS 14 years and older

    Can a member's spouse contact Premera Blue Cross to review or check claims information/status?

    Our established procedures allow us to share all general PPI with a member's spouse. For sensitive PPI, with the exception of a diagnosis which is not discussed, a member's spouse will need to have the member sign a release to review or check claims information or status.

    If you have any questions on Premera's privacy policies, please contact your Sales Representative or Account Manager.