Impose wide-ranging requirements and restrictions on financial and health care businesses that deal with consumers. Help to combat:
- Identity theft
- Credit scams
- Other privacy-invasion schemas that have spawned by the internet and the computerization of America
Federal Privacy Laws
Designed to protect the privacy of consumer information held by financial institutions. Three primary parts:
- Financial Privacy Rule
- Safeguard Rule
- Pretexting Provisions
Gramm-Leach-Bliley Act of 1999 (GLB Act)
Informs consumers about the type of information the financial institution collects from consumers and what types of businesses or companies they share that information with.
- If the financial institution is sharing information with non-affiliated companies, the consumer has the right to "opt out" from the financial institution's disclosure of personal information.
- Most Americans are familiar with this rue- routinely received privacy notices from banks, stock brokers, insurance companies, and other financial institutions.
Financial Privacy Rule
Financial institutions are required to set up and maintain safeguards to protect personal financial information obtained from consumers. Requires the use of computer firewalls and encryption devices to protect consumer information.
- Also dictates procedures that financial institutions should follow to destroy consumer financial information, such as the use of shredders and specially designed trash containers.
Prohibits third parties from obtaining personal information through fraud or trickery.
- Makes it a criminal act to falsely obtain personal information from a financial institution or from consumers.
- Traditional financial institutions such as banks. stockbrokers, and insurance companies.
- Businesses that provides financial products or services to consumers.
- Non-traditional institutions: mortgage lenders, loan brokers, tax preparers, debt collectors, and financial advisors.
- This does NOT cover funeral homes
Who the GLB Act Covers
According to the Federal Trade Comission, which enforces the GLB Act against non-traditional financial institutions, a business is not considered to be one of these unless it is "significantly engaged in financial activities."
- Primary business of a funeral home is the provision of funeral services, not financial services. (not covered by the act).
The obligations of the GLB Act fall on the principal, not the funeral home as the agent. It is the principal's requirement to issue privacy notices and safeguard consumer information under the GLB Act, not the funeral home.
- i.e. selling preneed insurance policy for an insurance company
Funeral Homes Acting as Agents of Financial Institutions
Required the U.S. Department of Health and Human Services (HHS) to issue regulations protecting the privacy of health information.
- Most significant protection of patients' medical and health information originated with this.
Health Insurance Protability and Accontability Act (HIPAA)
Standards developed by HHS
- Businesses covered (Covered entities) - health care providers, health care billing and payment services, and health plans.
- Covered entities to undertake the following actions:
- Notify patients about their privacy rights and how their health information will not be used.
- Adopt and implement privacy procedures for the covered entity
- Train employees so that they understand the privacy procedures
- Designate an individual to be responsible for seeing that privacy procedures are adopted and followed.
- Secure patient records containing individually identifiable health information so that they are not readily available to unauthorized parties.
Standards for Privacy of Individually Identifiable Health Information (HIPPA Privacy Rule)
When a Covered Entity has another business perform functions or activities on behalf of the Covered Entity, and that business is provided patient health information.
- In the past, the HIPPA privacy rule did not directly regulate these, but did require Covered Entities to oversee activities of these.
- With ammendments passed by Congress in 2009, HHS is now considering direct regulation of these under the HIPPA privacy rule.
- Covered entities are susally health care providers, health care insurers, and medical billing services, therefore funeral homes are not these.
- Funeral homes do not generally contract with Covered Entities to perform functions or activities on behalf of the Covered Entities. Therefore, Funeral homes are not Business Associates. (despite receiving health care information).
Funeral Homes are Neither Covered Entities nor Business Associates
Although funeral homes are not covered by the HIPPA Privacy Rule, the HIPPA privacy rule does recognize tha there are legitimate needs to disclose individual health information to third parties (funeral homes).
- HIPPA privacy rule does not mandate the disclosure of confidential health information to third parties such as funeral homes. Rather the HIPPA Privacy Rule allows Covered Entities to make those disclosures either as a voluntary reporting practice or as a reporting practice that may be compelled by state law.
Disclosing Individual Health Information
Allows Covered Entities to disclose confidential health information to funeral directors consistent with applicable law, as necessary to carry out their duties with respect to a decedent.
- Also states that when necessary for funeral directors to carry out their duties, Covered Entities may disclose protected health information prior to and in reasonable anticipation of an individual's death.
- Some states require disclosure of patient health information to funeral homes, others do not.
- Positive HIV test
- Presence of communicable disease
Section 164.512(g) of the HIPPA Privacy Rule
Issued by both the Federal Trade Comission and the Federal Communications Commission. These regulations allowed consumers to register any residential telephone number, including cell phone numbers, on a national registry at no cost.
- Telemarketers are subject to $16,000 fines if they call any number on this list
- This rule also contain a number of restrictions and prohibitions on telephone sales practices.
FTC/FCC Do-Not-Call Regulation
If a funeral home utilizes telephone solicitation to sell funeral goods or services, or if it allows a third party company or agent to sell on its behalf, it needs to be aware of the requirements of the telemarketing sales rules.
- Not only coveres telemarketers, but any company it hires or retains to sell on its behalf.
- Funeral home is liable if a telemarketer (i.e. preneed insurance agency) representing the funeral home violates the telemarketing sales rule.
FTC/FCC Do-Not-Call Regulation and Funeral Homes
If a business is involved in telemarketing, it si required to obtain the Do-Not-Call-List and scrub its sales call list against the Do-Not-Call-List to ensure that no illegal calls are made.
- Regulations require the list be scrubbed every 31 days.
Scrubbing the Telephone List
- Telephone calls that are initiated by consumers in response to general media advertising or direct mail advertising
- Calls made to consumers with which the funeral home has an established business relationship (EBR).
Exemptions of the Do-Not-Call List
- The funeral home has sold goods or services or entered into a financial transaction with the consumer in the eighteen months preceding the telephone solicitation
- In the three months preceding the telephone solicitation, the consumer inquired goods or services offered by the funeral home and the relationship was not terminated by either party.
An Established Business Relationship (EBR) Exists if:
Exists only if the consumer with which the business relationship was established.
- Only people who are parties to the funeral contract
Should be aware of the other requirements of the telemarketing sales rule. Provisions include:
- Restricting the tie that calls may be made
- Requirements regarding mandating prompt identification of the telemarketer, the company they represent, and the purpose of the call
- Prohibitions against blocking caller ID
- Other restrictions against abusive practices
Funeral Homes that Engage In Telemarketing
Enacted to eliminate abusive practices in the collection of consumer debts.
Fair Debt Collection Practices Act (FDCPA)
- Contacting a consumer by telephone before 8am or after 9pm local time
- Not ceasing any further communication with a consumer once requested by the consumer
- Calling the consumer numerous times with the intent to annoy, abuse or harass the consumer.
- Communicating with a consumer at his or her place of employment
- Contacting the consumer when the consumer is represented by an attorney
- Pubishing the consumer's name and address on a bad debt list
- Threatening arrest or legal action that is not permitted or demanding amounts that are not collectible under applicable law
- Engaging in abusive or profane language
- Reporting false information on the consumer's credit report
Collectors are Prohibited From Taking The Following Actions:
- Identify themselves
- Notify the consumer about the debt that is being collected
- Provide verification of the debt upon request
- Notify the consumer of his or her right to dispute the debt
FDCPA Requires Debt Collectors to:
Does not apply the businesses seeking to collect their own debts. I.e. funeral homes which is contacting consumers about overdue accounts and unpaid bills.
- It does apply to any debt collectors or attorneys retained by the funeral home to collect a consumer debt.
- Some states (California) had their own laws which are very similar to the FDCPA and which regulate businesses trying to collect their own debts.