HIPAA and Life Insurance have different purposes. The differences between the purposes of HIPAA and life insurance are significant. HIPAA is a federal law that was created to protect privacy of medical information. With life insurance an individual referred to as “the insured” purchases a life insurance policy. A life insurance policy is a legally binding contract. Life insurance works as follows:

1. The insured identifies specific individuals, known as beneficiaries.
2. The life insurance contract is entered into between the insured and the insurance company. 
3. The insured pays the life insurance company a certain defined amount, known as a premium, on a recurring (i.e., monthly, quarterly) basis. 
4. In exchange for these payments, the life insurance company will, upon the death of the insured person, provide a flat-sum payment – an amount the insured and the insurance company have agreed to in the contract – to the named beneficiaries. 

HIPAA and Life Insurance: What Medical Information Is Associated with Each?

HIPAA and life insurance both are concerned with personal health information.

HIPAA protects the privacy and security of medical information, known as protected health information. Individuals who seek treatment from covered entities are, under the HIPAA Privacy Rule, entitled to have certain protected information shielded from use or disclosure by the covered entity. Health insurance plans, which reimburse covered entities for their services, must access this protected health information to determine what type and amount of reimbursement is warranted.

Health insurance operates differently from many other kinds of insurance. Individuals that purchase car insurance, for example, do not expect to use that insurance every day. Health insurance, however, has the following unique characteristics:

1. Health care (and therefore health insurance) is “consumed” by individuals on a fairly frequent basis;
2. Patients must repeatedly provide protected health information to covered entities; and
3. Covered entities, in turn, regularly share that information with health insurance plans. 

The greater frequency with which PHI must be provided for health care and to receive health insurance benefits, warrant rules to protect the confidentiality, integrity, and access to PHI; hence the existence of the HIPAA Privacy Rule and the HIPAA Security Rule. 

HIPAA and life insurance serve different ends. The primary purpose of life insurance is to provide a financial benefit to specific individuals; this benefit is, as explained above, tied to the life of another person. The contract of life insurance, which is a purely private agreement between the insured and the insurance company, typically can only be entered into after the life insurance company receives the results of a medical exam of the insured. The life insurance company may demand such an exam be taken, and that its results be provided to the life insurance company, to allow the life insurance company to properly underwrite the policy. In underwriting an insurance policy – i.e., drafting a policy’s terms, including the premium amount – a life insurer may consider risk. For example, if the medical exam reveals that the insured is in poor health, there is a chance that the insured may die sooner than a person in better health might. The life insurer may “hedge” against this risk by, for example, charging a higher recurring premium amount. 

While the exam a life insurance company may require can be thorough, the exam is just that – an exam, as in, only one exam.

Most types of life insurance are simply not concerned with an individual’s medical records once a policy is in force. Therefore, the privacy concerns associated with regular provision of health care are not present in the life insurance arena.

As such, life insurance companies may legally request information that is otherwise protected under HIPAA.