Chapter 16- Federal Privacy Laws
HIPPA - Health Insurance Portability and Accountability Act.
Passed in 1996, protects patients' medical and health information.
The Pretexting Provisions (Gramm-Leach-Bliley Act)
Prohibits third parties from obtaining personal information through fraud or trickery. It is a criminal act to falsely obtain personal information from a financial institution or consumers.
The Safeguard Rule (Gramm-Leach-Bliley Act)
Requires financial institutions to set up and maintain safeguards to protect personal financial information for the consumer. Requires the use of computer firewalls and encryption devices to protect consumer. Dictates procedures to follow to destroy information, such as the use of shredders and specially designed trash containers.
Enforcement of the Gramm-Leach-Bliley Act
the FTC enforces the GLB Act against non-traditional institutions. A business is not considered to be a financial institution unless it significantly engages in financial activities. Although funeral homes engage in financial transactions with consumers, they do not fall within the guidelines for regulation. The primary business of a funeral home is funeral service, not financial services.
Exemptions to DNC
-Calls made in response to advertising are not covered. -Calls initiated by consumers in response to an ad or invitation are not covered. -Funeral homes may solicit through general advertising, direct mail inviting calls. -If the funeral home has an established business relationship with a consumer, the funeral home may call the consumer and not be in violation.
other requirements of the DNC Regulation
-Provisions restrict times that calls may be made. -Prompt identification of the telemarketer and the company they represent is mandated. -The purpose of the call. -Prohibits blocking caller ID and imposes other restrictions against abusive practices.
Three primary parts to the Gramm-Leach-Bliley Act
-The Financial Privacy Rule -The Safeguard Rule -The Pretexting Provisions
FTC/FCC Do-Not-Call Regulation Violations
A business using telephone solicitation is required to obtain the Do not call list and scrub its sales call against the Do Not Call list to make sure no illegal calls are made. A funeral home would be liable for violations if a pre-need telemarketer violates the rule. The do not call List may be obtained by telemarketers but scrubbed every 31 days.
General Federal Privacy Laws
Congress has enacted a number of laws and and regulations to combat threats of identity theft, credit scams, and other privacy invasion schemes resulting from the computerization of America and the world. Restrictions are imposed on financial and health care businesses dealing with consumers. Questions arise as to whether funeral homes are covered by these federal privacy laws.
Gramm-Leach-Bliley Act
Enacted in 1999 by Congress to provide consumers the ability to control how and by whom private financial information they supplied to the lending institution will be used. Only covers institutions that are involved in financial activities and generally does not include funeral homes. Disclosure is required if funeral home: -Routinely uses retail credit installment contracts for payment of at-need or preneed contracts. -Acts as a preneed insurance agent. -Assists consumers in obtaining loans from lenders to pay for funerals. -Designed to protect the privacy of consumer information held by financial institutions.
FTC/FCC Do-Not-Call Regulation
Enacted in 2003, issued telemarketing sales rules that implemented the National Do-Not-Call List. Allowed consumers to register cell and residential numbers on a national registry that is DO NOT CALL. Imposes restrictions and prohibitions on telephone sales practices. Violators are subject to $16,000 fine. Rules cover telemarketers and any company that hires or retains a telemarketer to sell on its behalf.
FDCPA and Funeral Homes
FDCPA Does not apply to businesses seeking to collect their own debts. If the funeral home contacts the consumer, rules do not apply. Rules do apply if a funeral home retains an attorney or debt collector to collect the debt. Certain states, such as California, have their own laws which are very similar to the FDCPA that regulate businesses trying to collect their own debts.
Established business relationship (EBR)
Funeral homes can call consumers with an established business relationship (EBR) even if they are on the Do not call list. If the FH has sold the consumer goods or the consumer inquired the FH for goods or services in the last 3 months, and the relationship was not terminated by the consumer. The FH can call them even if they are on the do not call list.
Agents of financial institutions.
If a funeral home sells a pre-need insurance policy, they are an agent of the company. The obligations of the GLB Act fall upon the insurance company, not the funeral home. The insurance company would therefore be required to issue privacy notices and safeguard consumer information - not the funeral home.
The Financial Privacy Rule (Gramm-Leach-Bliley Act)
Informs consumers about the type of information the financial institution collects from consumers and what types of businesses or companies they share that information with. Generally received from banks, stock brokers, insurance companies, and other financial institutions. May opt out if information is shared with non-affiliated companies.
Fair Debt Collection Practices Act (FDCPA)
The FDCPA was enacted to eliminate abusive practices in the collection of consumer debts. Debt collectors are prohibited from: -Calling before 8:00 a.m. or after 9:00 p.m. -Not ceasing further communication when requested by consumer. -Calling with the intent to annoy, abuse or harass. -Calling at the place of employment. -Calling when consumer is represented by attorney. -Publishing consumer's name and address on a bad debt list. -Threatening arrest or legal action that is not permitted. -Demanding amounts that are not collectible under applicable law. -Engaging in abusive or profane language. -Reporting false information on the consumer's credit report.
Who does HIPPA include
The HIPPA privacy rule includes health care providers, billing and payment services, and health plans. Funeral homes are neither covered entities nor business associates.
HIPPA & the Funeral Home
There are legitimate needs to disclose individual health information to third parties, such as funeral homes. HIPPA does not mandate the disclosure of confidential health information but allows covered entities to make disclosures. HIPPA Rule recognizes funeral directors may be included in class of businesses and individuals receiving privacy information. The Rule allows covered entities to disclose confidential health information to funeral directors as necessary. Hospitals may disclose organ and tissue donation as well as other circumstances relevant to the decedent. i.e. HIV or other communicable disease
