March 31, 2000
Ms. Jennifer J. Johnson
Board of Governors of the Federal Reserve System
20th and C Streets, NW
Washington, DC 20551
Re: Docket No. R-1058
Dear Ms. Johnson:
I am writing to submit the Blue Cross and Blue Shield Association comments regarding the proposed privacy rule published pursuant to the Gramm-Leach-Bliley Act (GLB) on privacy of consumer financial information (12 CFR Part 216, Docket No. R-1058). The Blue Cross and Blue Shield Association (BCBSA) represents 49 independent Blue Cross and Blue Shield (BCBS) Plans across the country, covering 75 million Americans.
We understand that the recently proposed GLB privacy rules do not directly apply to Blue Cross and Blue Shield Plans. However, BCBSA is submitting comments because the federal GLB privacy rules will likely be used as a baseline or precedent for future privacy laws and regulations adopted by the states.
For BCBS Plans, there is no question as to whether patient records should be kept confidential, but only as to how this should be accomplished. We look forward to working with the Board of Governors of the Federal Reserve System (Board), as well as the Department of Health and Human Services (HHS) and other federal agencies, to implement practical and uniform privacy protections that facilitate quality assurance efforts and the timely payment for health care services.
Our over-riding concern with the GLB proposed privacy rules is that their substantial overlap with other federal privacy rules as well as state regulations will create a confusing patchwork of rules for consumers and insurers.
States already have a myriad of privacy laws and regulations dealing with patient records. In addition, the Department of Health and Human Services (HHS) has recently issued two very comprehensive proposed rules related to privacy and security under the direction of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHS expects to issue final versions of these rules, as well as additional proposed rules on privacy, in the near future.
The GLB proposed regulation not only duplicates sections of the HHS proposed rule on privacy, but also includes conflicting rules. Such duplication and conflict will make it very difficult to comply with the two regulations, and would impair the cost-saving goals of HIPAA's administrative simplification provisions. Moreover, the overlap and complexity of the federal rules creates a potential market disincentive - making it difficult for health insurers to meaningfully interact with the financial services industry. This would defeat the underlying spirit of the Gramm-Leach-Bliley Act.
To alleviate confusion and minimize costs, BCBSA recommends that health insurers that are subject to the HIPAA privacy rules be deemed in compliance with the GLB privacy statute. Consumer privacy would retain broad protections, without the additional costs of compliance with duplicative regulation.
To support this key recommendation, we have attached detailed comments describing certain operational impacts and conflicts relative to BCBS Plans. We have also provided recommendations and alternatives that we hope will prove helpful as the regulations are finalized.
We look forward to working with the federal agencies in achieving a workable balance that truly maximizes benefits for consumers. Please call Christina Nyquist at (202) 626-4799 if you have any questions.
Mary Nell Lehnhard
cc: Office of the Comptroller of the Currency
Federal Deposit Insurance Corporation
Office of Thrift Supervision
Federal Trade Commission
Securities and Exchange Commission
National Credit Union Administration
Department of Health and Human Services
National Association of Insurance Commissioners