 |
Ann Hoven, MD & Kristi Petersen, MD
Copyright 2005 American Academy of Insurance Medicine
The MIB
MIB, Inc. (the Medical Information Bureau) is a wholly owned subsidiary of MIB Group, Inc., a member owned holding company. MIB, Inc. provides for the confidential exchange of underwriting information in coded form among member companies. The purpose is to detect and deter fraud in connection with the underwriting of life and health insurance.
Confidentiality
Much of the success of the MIB in the nearly 100 years of its existence is the confidential manner that members have maintained in obtaining and securing medical information.
Codebooks are to be accessed only by authorized medical and underwriting personnel. The Medical Director or Chief Underwriter must account for all code books on an annual basis.
Consumer Protective Procedures: C, 1-7
There are a number of rules that provide protection to the consumer. Areas covered include restriction of access to MIB record information, the consumer’s right to be given information on the MIB prior to giving informed consent, the right to be notified if MIB record information leads to adverse action and aspects of ensuring the accuracy of record information.
Requesting an MIB Report: Prerequisites
Before ordering an MIB report on an insurance applicant, there are three prerequisites:
- A signed application with medical declarations or other medical representations
- Pre-notice
- Informed consent
Pre-Notice: C, 3
This is a written notice, given to the applicant before completion of the application, which describes the MIB and the services it performs for member companies. Required language can be found in the MIB handbook in the comment section after the General Rules. This notice informs the applicant of his/her right to obtain a copy of the report and to request correction of any inaccuracy in the accordance with procedures contained in the Fair Credit Reporting Act (FCRA).
Informed Consent: C, 2
A written authorization by the proposed insured must be obtained. This consent allows the underwriting company to obtain information in the risk assessment process. The form must specifically name the MIB as a source of information and refer to medical and non-medical information. The consent must not imply that any organization other than a member company can obtain the MIB record information. The language of the authorization is suggested in the comment section after the General Rules in the Handbook.
Informed Consent, non-written: C, 2(b)
The increasing use of electronic, oral or other non-traditional forms of consent has lead to an amendment to the informed consent rule, effective 6-1-00. The new rule, C, 2(b), allows member companies to obtain consent in other than written form. The member company must certify that the information will be used only for such permissible purposes as defined in the Fair Credit Reporting Act (FCRA) and MIB General Rules, which includes underwriting an applicant or processing a claim. To use this option, the company must first sign an agreement with MIB that outlines the policy. Once the agreement is in place, the member company can request an MIB report after giving pre-notice, obtaining person’s consent to request and receive medical information and verifying the identity of the individual.
Reporting to the MIB: D, 2, 3
Any time an MIB report is obtained; there is an obligation to make a report, assuming that reportable information is acquired in the course of underwriting. This report must be made within 30 days of receipt of the information or within 15 days of final action on the case.
A Reinsurer may request an MIB report on an applicant even when their client company is not an MIB member, but only if the reinsurer expects to share the risk. MIB report information may never be disclosed to the non-member client company. The Reinsurer must comply with all rules whether or not the client company is an MIB member, i.e., A, 1, B1, 3, C, 1, 2, 3, D, 1, 2, 4.
MIB reports may be requested on Group insurance applicants who give medical declarations or representations as part of the application process, as long as the other prerequisites have been fulfilled. If there are no health questions as part of the application, one may not request an MIB report. Here also, the Group Insurer must comply with all rules when an MIB report has been
obtained, i.e. A,1, B,1,3, C,1,2,3, D,1,2,4.
If during the underwriting process no MIB records are requested, but information is acquired from an authorized source that indicates the applicant has an impairment listed in the MIB code book, the letter of the rules indicate that a code does not need to be submitted. The spirit of the MIB allows the code to be submitted if the company chooses to submit it.
The Cardinal Rule of MIB: Rule D, 4
“Any coded information received from the MIB may be used only to alert members to the possible need for further investigation of an applicant’s insurability. MIB coded information shall not be used in establishing an applicant’s eligibility for insurance.”
If the MIB report includes information that could lead to an adverse action, and that information was previously unknown, one must (re)investigate that information. The coded information may not be used to underwrite without verification. Investigative choices include:
- Requestioning the applicant
- Pursuing additional APS or other information
(see Guide to Investigation in the Handbook)
- Requesting Code Details (after certain conditions are met)
Code Detail Requests: D, 4(b), D, 5
The Exception to D, 4(b)
If the efforts to find out about the code in question are not revealing, a request for the details of this code (a code detail request) may be begun through the MIB. (See section D,5, General Rules of the handbook for the conditions that must be met before a Code Detail request may be submitted.) Section D, 4(b) refers to an exception to the General Rule: “Coded medical information received from MIB may be used in considering insurability when, and only when the underwriting member can certify that:
1. Further investigation is not needed to assure that the application being considered and the
MIB coded medical information relate to the same person, and
2. It obtained from the reporting member either:
i) the documents (or summaries thereof) which were the basis of the latter's report to MIB, or
ii) advice from such member that the MIB coded medical information is verified by "information from a medical source” or the applicant.
This exception applies only to medical information.
The requesting company submits their request for Code Details to the MIB. It is the choice of the company that originally submitted the report (reporting company) to respond or not to respond to the request. The Handbook says this best: “The amount and content of information furnished in answer to a request for details shall be within the discretion of the reporting member and any details provided shall not be considered furnished through the MIB.”
The response could be:
- to send copies of the documentation,
- to reveal the original source of the information (e.g. a doctor’s name), or
- simply to verify that they have information in their file to support the code as reported.
This verification may be written or verbal.
The reporting company can choose whether or not to disclose its identity to the requesting company. All member companies are encouraged to support each other’s needs and to respond to requests for details in a timely fashion. As this process often takes several weeks, it is especially important to keep confidentiality in mind when communicating with the producer.
If all ways to verify the code have been to no avail, the MIB report remains unverified. This unverified report may not be used as the sole basis for an underwriting decision. However, once you are assured that the code is about the same person as the applicant and once the information is verified through another APS, Code Details, etc., it may be used in underwriting. Rule D,4(b)
Post Notice: D, 4(c) (aka: C4 letter)
Post Notice refers to a letter that must be sent to the subject of the MIB report telling them that the MIB report led to an investigation that resulted in adverse action. It must be sent when:
- “the coded information received from MIB was used to alert the member to the possible need for further investigation and
- the member conducted an investigation that it would not otherwise have conducted” and
- that investigation led to adverse action (i.e. adverse decision was taken in whole or in part because of the information obtained in the investigation conducted as a result of the MIB report)
Recommended wording of the letter may be found in the MIB Handbook.
MIB Disclosure
The MIB Consumer fact sheet says it best: “IF MIB has a file on you, you can find out what it says and change it if it is wrong”.
Most applicants for insurance have no MIB reports on file; the most commonly reported code is for an EKG. In any case, MIB reports are eliminated automatically by computer edit 7 years after being submitted.
In compliance with the Fair Credit Reporting Act (FCRA), the subject of an MIB report has a right to review the information in their report. Prior to December 2004, the consumer could write or call MIB’s Information Office to request a copy of their MIB report. Once received, MIB would contact the reporting companies to allow the companies the opportunity to confirm identity, to review the file and to verify code accuracy, which was to have been completed within 30 business days. Any changes that needed to be reported could be submitted to the MIB prior to the disclosure being sent to the subject of the report.
In December 2004 the Fair and Accurate Credit Transactions Act (FACT Act) expanded the FCRA’s consumer protection provisions.
The consumer must now request the disclosure of MIB codes by calling the MIB Disclosure Center at 866-692-6901 (TTY 866-346-3642 for hearing impaired). MIB must respond at no charge (previously there was a fee to cover the cost of this service) within 15 calendar days of identity verification.
The MIB can be reached at:
MIB, Information Office
P0 Box 105,
Essex Station
Boston MA 02112 USA
www.mib.com |
MIB Information Office
501 - 330 University Avenue
Toronto ON M5G 1R7 Canada |
Once the identity verification process is completed over the phone, MIB discloses in writing to the consumer that 1) there is no report on the consumer or 2) discloses the MIB report to the consumer if it contains no “sensitive” codes.
If the report contains “sensitive” codes or MIB is unable to complete the identity verification process over the phone, an e-mail/fax is sent to the reporting company for identity verification form information in their files. The reporting company has 5 calendar days to complete identity verification.
MIB Disputed Accuracy
The FACT Act did not amend the processing of MIB requests for Disputed Accuracy.
If the subject of an MIB report believes that any information in it is incorrect or incomplete, he/she may request MIB to reinvestigate. The MIB then notifies the reporting company and a reinvestigation of the disputed information is initiated.
A document outlining the reinvestigation process is sent along with the notification. The key concept is: all original sources of any coded information must be contacted, even if the company’s file includes records that appear to support the codes in the report. The original sources must be asked to verify that the information is on the same person and that the information is accurate. The source may also be asked if there is any additional information which might have bearing on the report or that could lead to an amended code. Under certain circumstances, the requesting company may be required to contact other relevant sources provided by the consumer.
Reinvestigation must be completed within 30 business days and the reporting company must respond to the MIB with the results: the codes may be verified and unchanged; changed or deleted; or a supplemental report can be filed. The latter might be used when the original report was correct but additional information was found which is pertinent. Supplemented reports become a part of the MIB record. The Consumer’s Guide indicates that if a statement of dispute is filed, the MIB record is amended so that any member company that subsequently inquires will be advised that the record is in dispute.
MIB Identity Theft Block
The FACT Act allows a consumer to block his/her MIB record where there has been identity theft. To initiate the block, the consumer must provide MIB with:
1. Appropriate proof of the consumer’s identity;
2. A police report evidencing the claim of the consumer of identity theft;
3. The identification of the information; and
4. Confirmation by the consumer that the information is not information relating to any transaction by the consumer.
The FACT Act also gave consumers the right to add a Fraud Alert to their Credit Report. If this alert is relayed to one of the three major Consumer Reporting Agencies (Equifax, Experian, Transunion), then that CRA must relay the alert to the remaining CRAs. MIB is considered a specialized CRA. MIB, upon receipt of a fraud alert from a major CRA, forwards a request for identity verification to any insurers who had accessed MIB on the consumer who reported the fraud alert.
Audits
Annual Self-Audit: C, 6
Each year, member companies must conduct and submit a Self-Audit to the MIB. General topics covered in the audit include confidentiality, consumer protective procedures, and use of MIB information and use in Reinsurance (if applicable).
Site Audit: C, 7
About every three years, the MIB staff conducts audits of member companies. Files are
reviewed for compliance with MIB rules. Typically an informal debriefing is done at the end of the audit and this is followed by a formal written summary of the audit.
Member Pledge: A, 1
The CEO, Chief Medical Director and Chief Underwriter sign an annual member pledge certifying that the company is in compliance with various MIB rules.
Basic Security Alert Code (OFAC/OSFI)
In 2001, the USA Patriot Act and other laws were passed as part of the plan to combat terrorism. The laws prohibited insurance and financial companies from doing business with individuals listed on the databases maintained by the U.S. and Canadian governments. In order to assure companies are in compliance with the laws and regulations, MIB provides a service that checks submitted names against these databases as part of its service.
If there appears to be a match when the databases are searched, the MIB adds a code to the report requested by the member company on the individual. The member company must then do an investigation to determine if their applicant and the person on the government database are the same.
The member company starts the investigation by contacting the Office of Foreign Asset Control (OFAC) in the U.S. A. or the Office of the Superintendent of Financial Institutions (OSFI) in Canada. As with any MIB code, no action may be taken based on the code without an investigation to verify the facts.
AAIM has been granted permission to use the proprietary information of MIB Group, Inc. in this Study Guide for the education of its members only. Any other use or disclosure of the Study Guide is expressly prohibited. MIB's Handbook & Directory must be consulted for MIB Bylaws, Rules and procedures, as amended from time to time, governing participation by MIB member companies.
|
|
