SEARCH SITE

VIRGINIA LAW PORTAL

SEARCHABLE DATABASES

ACROSS SESSIONS

Developed and maintained by the Division of Legislative Automated Systems.

2001 SESSION


CHAPTER 371
An Act to amend and reenact §§ 38.2-514, 38.2-601, 38.2-602, 38.2-604, 38.2-606, 38.2-613, and 52-41 of the Code of Virginia, to amend the Code of Virginia by adding sections numbered 38.2-513.1, 38.2-604.1, 38.2-612.1, and 38.2-612.2, and to repeal § 38.2-513 of the Code of Virginia, relating to insurance transactions; consumer protection and privacy.
[H 2157]
Approved March 19, 2001

Be it enacted by the General Assembly of Virginia:

1. That §§ 38.2-514, 38.2-601, 38.2-602, 38.2-604, 38.2-606, 38.2-613, and 52-41 of the Code of Virginia are amended and reenacted and that the Code of Virginia is amended by adding sections numbered 38.2-513.1, 38.2-604.1, 38.2-612.1, and 38.2-612.2 as follows:

§ 38.2-513.1. Insurance sales by depository institutions and other lending institutions.

A. No depository institution, in the sale or solicitation of insurance, shall:

1. Reject an insurance policy required in connection with a loan or extension of credit solely because the policy has been issued or underwritten by a person who is not associated with such depository institution or its affiliate;

2. Require a debtor, insurer, agent, or surplus lines broker to pay a separate charge in connection with the handling of insurance required in connection with a loan or extension of credit or other banking product, unless such charge would be required when the depository institution or its affiliate is the licensed agent or surplus lines broker;

3. Use any advertisement that would cause a reasonable person to believe mistakenly that (i) the federal government or the Commonwealth is responsible for the insurance sales activities of, or stands behind the credit of, the depository institution or its affiliate; or (ii) the federal government or the Commonwealth guarantees any returns on insurance products or is a source of payment on any insurance obligation of or sold by the depository institution or its affiliate;

4. Act as an agent unless licensed in accordance with the provisions of Chapter 18 (§ 38.2-1800 et seq.) of this title;

5. Pay or receive commissions or other valuable consideration except in accordance with the provisions of Chapter 18 (§ 38.2-1800 et seq.) of this title; however, nothing herein shall prohibit the payment of compensation to a person not licensed under Chapter 18 (§ 38.2-1800 et seq.) of this title for the referral of a customer, provided that (i) such compensation is not based on the purchase of insurance by the customer, (ii) such compensation is a one-time, nominal fee of a fixed dollar amount for each referral, and (iii) the referral does not include a discussion of specific insurance policy terms and conditions;

6. Release insurance information of a customer to any person other than an officer, director, employee, agent, or affiliate of the depository institution, for the purpose of soliciting or selling insurance, without the express written consent of the customer. This provision shall not apply to (i) the release of information as otherwise authorized by state or federal law or (ii) the transfer of insurance information to an unaffiliated insurer in connection with transferring insurance in force on existing insureds of the depository institution or its affiliate, or in connection with a merger with or acquisition of an unaffiliated insurer. A depository institution or its affiliate shall be deemed to be in compliance with this paragraph if it complies with Chapter 6 (§ 38.2-600 et seq.) of this title;

7. Use, disclose, or release health information obtained from the insurance records of a customer for any purpose other than for its activities as a licensed agent or surplus lines broker, without the express written consent of the customer. A depository institution or its affiliate shall be deemed to be in compliance with this paragraph if it complies with Chapter 6 (§ 38.2-600 et seq.) of this title;

8. Extend credit or provide any product or service that is equivalent to an extension of credit, lease or sell property of any kind, furnish any services, or fix or vary the consideration for any of the foregoing on the condition or requirement that the customer obtain insurance from the depository institution or its affiliate, or a particular insurer, agent, or surplus lines broker; except that nothing shall prohibit the depository institution or its affiliate from:

a. Engaging in any activity that would not violate section 106 of the Bank Holding Company Act Amendments of 1970, as interpreted by the Board of Governors of the Federal Reserve System, or

b. Informing a customer that (i) insurance is required in order to obtain a loan or credit approval; (ii) the loan or credit approval is contingent upon the procurement by the customer of acceptable insurance; or (iii) insurance is available from the depository institution or its affiliate;

9. Offer, sell, or require insurance in connection with a loan or extension of credit, when an application for a loan or extension of credit from a depository institution is pending, unless a written disclosure is given to the customer indicating that the customer’s choice of an insurer will not affect the credit decision or credit terms in any way; provided, however, that the depository institution may impose reasonable requirements concerning the creditworthiness of the insurer and the scope of coverage chosen. Any disapproval of an insurer shall be deemed unreasonable if it is not based on reasonable standards uniformly applied, relating to the extent of coverage required and the financial soundness and the services of an insurer. Such standards shall not discriminate against any particular type of insurer, nor shall such standards call for disapproval of an insurance policy because the policy contains coverage in addition to that required by the creditor. Use of the ratings of a nationally recognized rating service shall not be deemed unreasonable provided such ratings are based on reasonable standards uniformly applied. If an insurer, duly licensed in Virginia, does not possess the required rating of a nationally recognized rating service, no person who lends money or extends credit shall refuse to accept from the insurer a certificate of 100 percent reinsurance issued by another insurer pursuant to § 38.2-136, which does possess the required rating;

10. Sell an insurance policy in connection with any lending of money or extension of credit unless:

a. A clear and conspicuous disclosure is given, in writing, where practicable, to the customer prior to the sale stating that such insurance policy (i) is not a deposit; (ii) is not insured by the Federal Deposit Insurance Corporation or any other federal government agency; (iii) is not guaranteed by the depository institution or, if appropriate, its affiliate or any person soliciting or selling insurance on its premises; and (iv) where appropriate, involves investment risk, including the potential loss of principal, and

b. Written acknowledgment of the disclosure is obtained from the customer at the time the customer receives the disclosure or at the time of the initial purchase of the insurance policy;

11. Solicit or sell insurance, other than credit insurance or flood insurance, unless such solicitation or sale is completed through documents separate from any credit transactions;

12. Include the expense of insurance premiums, other than credit insurance premiums, title insurance premiums, or flood insurance premiums, in the primary credit transaction without the express written consent of the customer; or

13. Solicit or sell insurance unless (i) its insurance sales activities are, to the extent practicable, physically segregated from areas where retail deposits are routinely accepted; (ii) it maintains separate and distinct books and records relating to such insurance transactions for the three previous calendar years; and (iii) it makes all such books and records available to the Commission for inspection upon reasonable notice.

B. As used in this section:

"Affiliate" means any company that controls, is controlled by, or is under common control with another company.

"Credit insurance" means the lines of insurance defined in §§ 38.2-103, 38.2-108, 38.2-122.1, and 38.2-122.2.

"Customer" means an individual who obtains, applies for, or is solicited to obtain insurance.

"Depository institution" means any bank or savings association.

"Insurance information" means information concerning the premiums, terms, and conditions of insurance coverage, including expiration dates and rates, and insurance claims of a customer contained in the records of a depository institution or its affiliate.

C. Notwithstanding anything to the contrary, the provisions of this section, except subdivision A. 10., shall also apply to any person who lends money or extends credit and who sells or solicits any insurance as classified and defined in Article 2 (§ 38.2-101 et seq.) of Chapter 1 of this title in connection therewith. However, this section shall not apply to premium finance companies licensed under Chapter 47 (§ 38.2-4700 et seq.) of this title or agents who extend credit as authorized in § 38.2-1806 to the extent that such premium finance companies or agents are not affiliated with a depository institution.

D. If the customer agrees, the written disclosures and acknowledgements required by subsection A of this section may be provided electronically. Such disclosures shall be provided in a format that the customer may retain and reproduce for later reference. When a purchase of insurance is made by telephone, the disclosures and acknowledgements required by subsection A of this section may be given orally, provided that (i) such disclosures are mailed or provided in electronic form within three working days after the sale, solicitation, or offer of the insurance policy; (ii) documentation is maintained showing that oral acknowledgement was given by the customer; and (iii) a reasonable effort is made to obtain written acknowledgement from the customer.

E. The Commission shall have the power to examine and investigate the affairs of any person to whom this section applies to determine whether that person has violated this section. If a violation of this section is found, the person in violation shall be subject to the same procedures and penalties as are applicable to other provisions of this chapter.

F. Except as provided for specifically in subsection A, this section shall not prevent or restrict a depository institution or its affiliate from engaging directly or indirectly, either by itself or in conjunction with an affiliate, or any other person, in any activity authorized or permitted under state or federal law.

§ 38.2-514. Failure to make disclosure.

A. No person shall solicit or effect the sale of an annuity, a life insurance policy or an accident and sickness insurance policy without furnishing the disclosure information required by any rules and regulations of the Commission.

B. Any lending institution, bank holding company, savings institution holding company or subsidiary or affiliate of either the lending institution or holding company, including any officer or employee thereof, licensed as an insurance agency or insurance agent in this Commonwealth shall, prior to the sale of any policy of life insurance in which there is or will be an accumulation of cash value during the term of the policy, make a written disclosure to the purchaser of the policy's "interest adjusted net cost index" in compliance with regulations or forms approved by the Commission.

C. No person shall provide to an insured, claimant, subscriber or enrollee under an accident and sickness insurance policy, subscription contract, or health maintenance organization contract, an explanation of benefits which does not clearly and accurately disclose the method of benefit calculation and the actual amount which has been or will be paid to the provider of services.

§ 38.2-601. Application of chapter.

A. The obligations imposed by this chapter shall apply to those insurance institutions, agents or insurance-support organizations that:

1. In the case of life or accident and sickness insurance:

a. Collect, receive or maintain information in connection with insurance transactions that pertains to natural persons who are residents of this Commonwealth; or

b. Engage in insurance transactions with applicants, individuals, or policyholders who are residents of this Commonwealth; and

2. In the case of property or casualty insurance:

a. Collect, receive or maintain information in connection with insurance transactions involving policies, contracts or certificates of insurance delivered, issued for delivery or renewed in this Commonwealth; or

b. Engage in insurance transactions involving policies, contracts or certificates of insurance delivered, issued for delivery or renewed in this Commonwealth.

B. The rights granted by this chapter shall extend to:

1. In the case of life or accident and sickness insurance, the following persons who are residents of this Commonwealth:

a. Natural persons who are the subject of information collected, received or maintained in connection with insurance transactions; and

b. Applicants, individuals or policyholders who engage in or seek to engage in insurance transactions; and

2. In the case of property or casualty insurance, the following persons:

a. Natural persons who are the subject of information collected, received or maintained in connection with insurance transactions involving policies, contracts or certificates of insurance delivered, issued for delivery or renewed in this Commonwealth; and

b. Applicants, individuals, or policyholders who engage in or seek to engage in insurance transactions involving policies, contracts or certificates of insurance delivered, issued for delivery or renewed in this Commonwealth.

C. For purposes of this section, a person shall be considered a resident of this Commonwealth if the person's last known mailing address, as shown in the records of the insurance institution, agent or insurance-support organization, is located in this Commonwealth.

D. Notwithstanding subsections A and B of this section, this chapter shall not apply to information collected from the public records of a governmental authority and maintained by an insurance institution or its representatives for the purpose of insuring the title to real property located in this Commonwealth.

E. The provisions of this chapter shall apply only to insurance purchased primarily for personal, family or household purposes.

§ 38.2-602. Definitions.

As used in this chapter:

"Adverse underwriting decision" means:

1. Any of the following actions with respect to insurance transactions involving insurance coverage that is individually underwritten:

a. A declination of insurance coverage;

b. A termination of insurance coverage;

c. Failure of an agent to apply for insurance coverage with a specific insurance institution that an agent represents and that is requested by an applicant;

d. In the case of a property or casualty insurance coverage:

(1) Placement by an insurance institution or agent of a risk with a residual market mechanism or an unlicensed insurer; or

(2) The charging of a higher rate on the basis of information that differs from that which the applicant or policyholder furnished; or

e. In the case of a life or accident and sickness insurance coverage, an offer to insure at higher than standard rates, or with limitations, exceptions or benefits other than those applied for.

2. Notwithstanding subdivision 1 of this definition, the following actions shall not be considered adverse underwriting decisions, but the insurance institution or agent responsible for their occurrence shall provide the applicant or policyholder with the specific reason or reasons for their occurrence:

a. The termination of an individual policy form on a class or statewide basis;

b. A declination of insurance coverage solely because such coverage is not available on a class or statewide basis;

c. The rescission of a policy.

"Affiliate" or "affiliated" means a person that directly, or indirectly through one or more intermediaries, controls, is controlled by, or is under common control with another person.

"Agent" shall have the meaning as set forth in § 38.2-1800 and shall include surplus lines brokers.

"Applicant" means any person who seeks to contract for insurance coverage other than a person seeking group insurance that is not individually underwritten.

"Clear and conspicuous notice" means a notice that is reasonably understandable and designed to call attention to the nature and significance of the information in the notice.

"Consumer report" means any written, oral, or other communication of information bearing on a natural person's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living that is used or expected to be used in connection with an insurance transaction.

"Consumer reporting agency" means any person who:

1. Regularly engages, in whole or in part, in the practice of assembling or preparing consumer reports for a monetary fee;

2. Obtains information primarily from sources other than insurance institutions; and

3. Furnishes consumer reports to other persons.

"Control," including the terms "controlled by" or "under common control with," means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person, whether through the ownership of voting securities, by contract other than a commercial contract for goods or nonmanagement services, or otherwise, unless the power is the result of an official position with or corporate office held by the person.

"Declination of insurance coverage" means a denial, in whole or in part, by an insurance institution or agent of requested insurance coverage.

"Financial information" means personal information other than medical record information or records of payment for the provision of health care to an individual.

"Financial institution" means any institution the business of which is engaging in financial activities as described in Section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. § 1843 (k)).

"Financial product or service" means any product or service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to such a financial activity under Section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. § 1843 (k)).

"Individual" means any natural person who:

1. In the case of property or casualty insurance, is a past, present, or proposed named insured or certificate holder;

2. In the case of life or accident and sickness insurance, is a past, present, or proposed principal insured or certificate holder;

3. Is a past, present or proposed policyowner;

4. Is a past or present applicant;

5. Is a past or present claimant; or

6. Derived, derives, or is proposed to derive insurance coverage under an insurance policy or certificate subject to this chapter;

7. For the purposes of §§ 38.2-612.1 and 38.2-613, is a beneficiary of a life insurance policy;

8. For the purposes of §§ 38.2-612.1 and 38.2-613, is a mortgagor of a mortgage covered under a mortgage guaranty insurance policy; or

9. For the purposes of §§ 38.2-612.1 and 38.2-613, is an owner of property used as security for an indebtedness for which single interest insurance is required by a lender.

Notwithstanding any provision of this definition to the contrary, for purposes of § 38.2-612.1, "individual" shall not include any natural person who is covered under an employee benefit plan, group or blanket insurance contract, or group annuity contract when the insurance institution or agent that provides such plan or contract: (i) furnishes the notice required under § 38.2-604.1 to the employee benefit plan sponsor, group or blanket insurance contract holder, or group annuity contract holder; and (ii) does not disclose the financial information of the person to a nonaffiliated third party other than as permitted under § 38.2-613.

"Institutional source" means any person or governmental entity that provides information about an individual to an agent, insurance institution or insurance-support organization, other than:

1. An agent;

2. The individual who is the subject of the information; or

3. A natural person acting in a personal capacity rather than in a business or professional capacity.

"Insurance institution" means any corporation, association, partnership, reciprocal exchange, inter-insurer, Lloyd's type of organization, fraternal benefit society, or other person engaged in the business of insurance, including health maintenance organizations, and health, legal, dental, and optometric service plans. "Insurance institution" shall not include agents or insurance-support organizations.

"Insurance-support organization" means any person who regularly engages, in whole or in part, in the practice of assembling or collecting information about natural persons for the primary purpose of providing the information to an insurance institution or agent for insurance transactions, including (i) the furnishing of consumer reports or investigative consumer reports to an insurance institution or agent for use in connection with an insurance transaction or (ii) the collection of personal information from insurance institutions, agents or other insurance-support organizations for the purpose of detecting or preventing fraud, material misrepresentation or material nondisclosure in connection with insurance underwriting or insurance claim activity. However, the following persons shall not be considered "insurance-support organizations" for purposes of this chapter: agents, governmental institutions, insurance institutions, medical-care institutions and medical professionals.

"Insurance transaction" means any transaction involving insurance primarily for personal, family, or household needs rather than business or professional needs that entails:

1. The determination of an individual's eligibility for an insurance coverage, benefit or payment; or

2. The servicing of an insurance application, policy, contract, or certificate.

"Investigative consumer report" means a consumer report or a portion thereof in which information about a natural person's character, general reputation, personal characteristics, or mode of living is obtained through personal interviews with the person's neighbors, friends, associates, acquaintances, or others who may have knowledge concerning such items of information.

"Joint marketing agreement" means a formal written contract pursuant to which an insurance institution jointly offers, endorses, or sponsors a financial product or service with another financial institution.

"Life insurance" includes annuities.

"Medical-care institution" means any facility or institution that is licensed to provide health care services to natural persons, including but not limited to, hospitals, skilled nursing facilities, home-health agencies, medical clinics, rehabilitation agencies, and public-health agencies or health-maintenance organizations.

"Medical professional" means any person licensed or certified to provide health care services to natural persons, including but not limited to, a physician, dentist, nurse, chiropractor, optometrist, physical or occupational therapist, psychiatric social worker, clinical dietitian, clinical psychologist, pharmacist, or speech therapist.

"Medical-record information" means personal information that:

1. Relates to an individual's physical or mental condition, medical history, or medical treatment; and

2. Is obtained from a medical professional or medical-care institution, from the individual, or from the individual's spouse, parent, or legal guardian.

“Nonaffiliated third party” means any person who is not an affiliate of an insurance institution but does not mean (i) an agent who is selling or servicing a product on behalf of the insurance institution or (ii) a person who is employed jointly by the insurance institution and the company that is not an affiliate.

"Personal information" means any individually identifiable information gathered in connection with an insurance transaction from which judgments can be made about an individual's character, habits, avocations, finances, occupation, general reputation, credit, health, or any other personal characteristics. "Personal information" includes an individual's name and address and medical-record information, but does not include (i) privileged information or (ii) any information that is publicly available.

"Policyholder" means any person who:

1. In the case of individual property or casualty insurance, is a present named insured;

2. In the case of individual life or accident and sickness insurance, is a present policyowner; or

3. In the case of group insurance that is individually underwritten, is a present group certificate holder.

"Pretext interview" means an interview whereby a person, in an attempt to obtain information about a natural person, performs one or more of the following acts:

1. Pretends to be someone he or she is not;

2. Pretends to represent a person he or she is not in fact representing;

3. Misrepresents the true purpose of the interview; or

4. Refuses to identify himself or herself upon request.

"Privileged information" means any individually identifiable information that (i) relates to a claim for insurance benefits or a civil or criminal proceeding involving an individual, and (ii) is collected in connection with or in reasonable anticipation of a claim for insurance benefits or civil or criminal proceeding involving an individual. However, information otherwise meeting the requirements of this subsection shall nevertheless be considered personal information under this chapter if it is disclosed in violation of § 38.2-613 of this chapter.

"Residual market mechanism" means an association, organization, or other entity defined, described, or provided for in the Virginia Automobile Insurance Plan as set forth in § 38.2-2015, or in the Virginia Property Insurance Association as set forth in Chapter 27 (§ 38.2-2700 et seq.) of this title.

"Termination of insurance coverage" or "termination of an insurance policy" means either a cancellation or nonrenewal of an insurance policy other than by the policyholder's request, in whole or in part, for any reason other than the failure to pay a premium as required by the policy.

"Unlicensed insurer" means an insurance institution that has not been granted a license by the Commission to transact the business of insurance in Virginia.

§ 38.2-604. Notice of information collection and disclosure practices.

A. An insurance institution or agent shall provide a notice of insurance information practices to all applicants or policyholders in connection with insurance transactions as provided in this section:

1. In the case of an application for insurance a notice shall be provided no later than:

a. At the time of the delivery of the insurance policy or certificate when personal information is collected only from the applicant or from public records; or

b. At the time the collection of personal information is initiated when personal information is collected from a source other than the applicant or public records;

2. In the case of a policy renewal, a notice shall be provided no later than the policy renewal date, except that no notice shall be required in connection with a policy renewal if:

a. Personal information is collected only from the policyholder or from public records; or

b. A notice meeting the requirements of this section has been given within the previous twenty-four months; or

3. In the case of a policy reinstatement or change in insurance benefits, a notice shall be provided no later than the time a request for a policy reinstatement or change in insurance benefits is received by the insurance institution, except that no notice shall be required if personal information is collected only from the policyholder or from public records.

B. The notice required by subsection A of this section shall be in writing or, if the applicant or policyholder agrees, in electronic format, and shall state:

1. Whether personal information may be collected from persons other than an individual proposed for coverage;

2. The types of personal information that may be collected and the types of sources and investigative techniques that may be used to collect such information;

3. The types of disclosures identified in made under subdivisions 1, 2, 3, 4, 5, 6, 9, 11, 8, 10, and 12, and 14 of subsection B and subdivision 2 of subsection C of § 38.2-613 and the circumstances under which such disclosures may be made without prior authorization. However, only those circumstances need be described that occur with such frequency as to indicate a general business practice;

4. A description of the rights established under §§ 38.2-608 and 38.2-609 and the manner in which those rights may be exercised; and

5. That information obtained from a report prepared by an insurance-support organization may be retained by the insurance-support organization and disclosed to other persons.

C. Instead of the notice prescribed in subsection B of this section, the insurance institution or agent may provide an abbreviated notice in writing or, if the applicant or policyholder agrees, in electronic format, informing the applicant or policyholder that:

1. Personal information may be collected from persons other than an individual proposed for coverage;

2. The information, as well as other personal or privileged information subsequently collected by the insurance institution or agent, in certain circumstances, may be disclosed to third parties without authorization;

3. A right of access and correction exists with respect to all personal information collected; and

4. The notice prescribed in subsection B of this section will be furnished to the applicant or policyholder upon request.

D. The obligations imposed by this section upon an insurance institution or agent may be satisfied by another insurance institution or agent authorized to act on its behalf.

E. An insurance agent shall not be subject to the requirements of this section in any instance where the insurance institution on whose behalf the agent is acting otherwise complies with the requirements contained herein, and the agent does not disclose any personal information to any person other than the insurance institution or its affiliates, or as permitted by § 38.2-613.

F. An insurance institution or agent that does not disclose, and does not wish to reserve the right to disclose, personal information about policyholders or former policyholders to affiliates or nonaffiliated third parties except as authorized under subsection B of § 38.2-613 may satisfy the requirements under this section by providing notice regarding personal information in the same manner as set forth in subsection C of § 38.2-604.1.

§ 38.2-604.1. Notice of financial information collection and disclosure practices.

A. An insurance institution or agent shall provide clear and conspicuous notice of financial information collection and disclosure practices in connection with insurance transactions as required by subsection B of this section:

1. To an applicant before any financial information is disclosed about that applicant to any nonaffiliated third party, if the disclosure is made other than as permitted under § 38.2-613. For purposes of this subdivision, a notice provided to an employer benefit plan sponsor, group or blanket insurance contract holder, or group annuity contract holder shall satisfy the notice requirements of this subdivision for applicants of such plan, policy, or annuity, provided the insurance institution or agent does not disclose the financial information of those applicants to a nonaffiliated third party, other than as permitted under § 38.2-613;

2. To a policyholder no later than delivery or issuance of the policy or any other evidence of coverage, or at the later of these events. For purposes of this subdivision, a notice provided to an employee benefit plan sponsor, group or blanket insurance contract holder, or group annuity contract holder shall satisfy the notice requirements of this subdivision for persons covered under such plans, policies, or annuities, provided the insurance institution or agent does not disclose the financial information of those persons to a nonaffiliated third party, other than as permitted under § 38.2-613; and

3. To a policyholder, other than a policyholder of a title insurance policy, not less than once in any consecutive twelve-month period. A notice provided to the sponsor of an employee benefit plan or the owner of a group or blanket insurance policy or group annuity contract shall satisfy the notice requirements of this subdivision for persons covered under such plan, policy or contract. For purposes of this subdivision only, "policyholder" does not include a person who owns a policy that is lapsed, expired or otherwise inactive or dormant under the insurance institution's business practices, and with whom the insurance institution has not communicated about the relationship for a period of twelve consecutive months, other than annual privacy notices, material required by law or regulation, communication at the direction of a state or federal authority, or promotional materials.

B. Any notice required by subsection A of this section shall be in writing or, if the applicant or policyholder agrees, in electronic format, and shall state:

1. The types of financial information that may be collected;

2. The types of financial information that may be disclosed;

3. The categories of persons to whom financial information may be disclosed; however, when disclosures are made pursuant to subsection B of § 38.2-613, the notice is only required to state that disclosures may be made without prior authorization as permitted by law;

4. If financial information is disclosed pursuant to subdivision C 1 of § 38.2-613, the types of financial information that may be disclosed and the categories of nonaffiliated third parties to whom financial information may be disclosed by contractual agreement;

5. An explanation of the right to direct that financial information not be disclosed to nonaffiliated third parties as provided in § 38.2-612.1, provided that this explanation shall not be required to be given when information is disclosed pursuant to the provisions of § 38.2-613;

6. A description of the policies and practices for protecting the confidentiality and security of financial information;

7. The disclosure required, if any, under Section 603 (d) (2) (A) (iii) of the federal Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.) pertaining to the notices regarding the ability to opt out of disclosure of information among affiliates; and

8. A description of the types of financial information about former policyholders that may be disclosed and a description of the types of affiliates and nonaffiliated third parties to whom financial information about former policyholders may be disclosed; however, when disclosures are made pursuant to subsection B of § 38.2-613, the notice is only required to state that disclosures may be made without prior authorization as permitted by law.

C. An insurance institution or agent that does not disclose, and does not wish to reserve the right to disclose, financial information about policyholders or former policyholders to affiliates or nonaffiliated third parties except as authorized in subsection B of § 38.2-613 may satisfy the requirements of this section by providing a notice that:

1. States the foregoing information regarding such insurance institution or agent;

2. Includes the information described in subdivisions B 1 and B 6 of this section; and

3. States that the insurance institution or agent makes disclosures to other affiliated or nonaffiliated third parties, as applicable, as permitted by law.

D. An insurance institution or agent may satisfy the notice requirements of subdivision A 1 of this section by providing a short form notice at the same time that the insurance institution or agent delivers an opt out notice as required by § 38.2-612.1. Such a short form notice shall: (i) be clear and conspicuous; (ii) state that the notice prescribed in subsection B of this section is available upon request; (iii) explain a reasonable means by which the applicant may obtain that notice; and (iv) be in writing or, if the applicant agrees, in electronic format. The insurance institution or agent is not required to deliver the notice prescribed in subsection B of this section with its short form notice, provided the insurance institution or agent provides the applicant with a reasonable means to obtain such notice.

E. The obligations imposed by this section upon an insurance institution or agent may be satisfied by another insurance institution or agent authorized to act on its behalf. An insurance institution may provide a joint notice from the insurance institution and one or more of its affiliates or other financial institutions, as identified in the notice, if the notice is accurate with respect to the insurance institution and the other institutions.

F. An insurance institution or agent, prior to disclosing financial information to a nonaffiliated third party other than as described in the notice prescribed in subsection B of this section, shall send a revised notice that accurately describes its information collection and disclosure practices. Such notice shall comply with the provisions of subsection B of this section.

G. An insurance institution or agent may satisfy the notice requirements of § 38.2-604 and this section through the use of separate notices or a combined notice.

H. An insurance agent shall not be subject to the requirements of this section in any instance where the insurance institution on whose behalf the agent is acting otherwise complies with the requirements contained herein, and the agent does not disclose any financial information to any person other than the insurance institution or its affiliates, or as permitted by § 38.2-613.

§ 38.2-606. Content of disclosure authorization forms.

Notwithstanding any other provision of law of this Commonwealth, no insurance institution, agent, or insurance-support organization shall utilize as its disclosure authorization form in connection with insurance transactions involving insurance policies or contracts issued after January 1, 1982, a form or statement that authorizes the disclosure of personal or privileged information about an individual to the insurance institution, agent, or insurance-support organization unless the form or statement:

1. Is written in plain language;

2. Is dated;

3. Specifies the types of persons authorized to disclose information about the individual;

4. Specifies the nature of the information authorized to be disclosed;

5. Names the insurance institution or agent and identifies by generic reference representatives of the insurance institution to whom the individual is authorizing information to be disclosed;

6. Specifies the purposes for which the information is collected;

7. Specifies the length of time such authorization shall remain valid, which shall be no longer than:

a. In the case of authorizations signed for the purpose of collecting information in connection with an application for an insurance policy, a policy reinstatement, or a request for change in policy benefits:

(1) Thirty months from the date the authorization is signed if the application or request involves life, accident and sickness, or disability insurance; or

(2) One year Two years from the date the authorization is signed if the application or request involves property or casualty insurance;

b. In the case of authorizations signed for the purpose of collecting information in connection with a claim for benefits under an insurance policy:

(1) The term of coverage of the policy if the claim is for an accident and sickness insurance benefit; or

(2) The duration of the claim if the claim is not for an accident and sickness insurance benefit; and

8. Advises the individual or a person authorized to act on behalf of the individual that the individual or the individual's authorized representative is entitled to receive a copy of the authorization form.

§ 38.2-612.1. Special requirements for providing financial information to nonaffiliated third parties.

A. Except as otherwise provided in § 38.2-613, no insurance institution, agent, or insurance-support organization may, directly or through an affiliate, disclose to a nonaffiliated third party financial information about an individual collected or received in connection with an insurance transaction, unless:

1. The individual has been given a clear and conspicuous notice in writing, or in electronic form if the individual agrees, stating that such financial information may be disclosed to such nonaffiliated third party;

2. The individual is given an opportunity, before such financial information is initially disclosed, to direct that such information not be disclosed, and in no case shall the individual be given less than thirty days from the date of notice to direct that such information not be disclosed;

3. The individual is given a reasonable means by which to exercise the right to direct that such information not be disclosed as well as an explanation that such right may be exercised at any time and that such right remains effective until revoked by the individual; and

4. The nonaffiliated third party agrees not to disclose such financial information to any other person unless such disclosure would otherwise be permitted by this chapter if made by the insurance institution, agent, or insurance-support organization.

B. 1. No insurance institution, agent, or insurance-support organization may disclose to a nonaffiliated third party, directly or through an affiliate, other than to a consumer reporting agency, a policy number or similar form of access number or transaction account of a policyholder or applicant for use in telemarketing, direct mail marketing or other marketing through electronic mail to an applicant or policyholder, other than to:

a. An agent or other person solely for the purpose of marketing the insurance institution’s own products or services as long as the agent or other person is not authorized to directly initiate charges to the account; or

b. A participant in a private label credit card program or an affinity or similar program where the participants in the program are identified to the policyholder or applicant at the time the policyholder or applicant enters the program.

2. A policy or transaction account shall not include an account to which third parties cannot initiate charges.

C. No insurance institution or agent shall unfairly discriminate against an individual because (i) the individual has directed that his personal information not be disclosed pursuant to subsection A of this section or (ii) the individual has refused to grant authorization of the disclosure of his privileged information or medical record information by an insurance institution, agent or insurance support organization pursuant to subsection A of § 38.2-613.

D. The requirements of subsection A of this section may be satisfied by providing a single notice if two or more applicants or policyholders jointly obtain or apply for an insurance product. Such notice shall allow one applicant or policyholder to direct that financial information not be disclosed to nonaffiliated third parties on behalf of all of the joint applicants or policyholders, provided that each applicant or policyholder may separately direct that his financial information not be disclosed to nonaffiliated third parties.

E. An insurance agent shall not be subject to the requirements of subsection A of this section in any instance where the insurance institution on whose behalf the agent is acting otherwise complies with the requirements contained herein, and the agent does not disclose any financial information to any person other than the insurance institution or its affiliates, or as permitted by § 38.2-613.

§ 38.2-612.2. Protection of the Fair Credit Reporting Act.

Nothing in this chapter shall be construed to modify, limit, or supersede the operation of the federal Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.), and no inference shall be drawn on the basis of the provisions of this chapter regarding whether information is transaction or experience information under Section 603 of that Act.

§ 38.2-613. Disclosure limitations and conditions.

A. An insurance institution, agent, or insurance-support organization shall not disclose any personal medical-record information or privileged information about an individual collected or received in connection with an insurance transaction unless the disclosure is:

1. with the written authorization of the individual, provided:

a. 1. If the authorization is submitted by another insurance institution, agent, or insurance-support organization, the authorization meets the requirements of § 38.2-606; or

b. 2. If the authorization is submitted by a person other than an insurance institution, agent, or insurance-support organization, the authorization is:

(1) a. Dated,

(2) b. Signed by the individual, and

(3) c. Obtained one year two years or less prior to the date a disclosure is sought pursuant to this subdivision; or.

B. Notwithstanding the provisions of subsection A of this section, an insurance institution, agent, or insurance-support organization may disclose personal or privileged information about an individual collected or received in connection with an insurance transaction, without written authorization, if the disclosure is:

2. 1. To a person other than an insurance institution, agent, or insurance-support organization, provided the disclosure is reasonably necessary:

a. To enable that person to perform a business, professional or insurance function for the disclosing insurance institution, agent, or insurance-support organization and that person agrees not to disclose the information further without the individual's written authorization unless the further disclosure:

(1) Would otherwise be permitted by this section if made by an insurance institution, agent, or insurance-support organization; or

(2) Is reasonably necessary for that person to perform its function for the disclosing insurance institution, agent, or insurance-support organization; or

b. To enable that person to provide information to the disclosing insurance institution, agent, or insurance-support organization for the purpose of:

(1) Determining an individual's eligibility for an insurance benefit or payment; or

(2) Detecting or preventing criminal activity, fraud, material misrepresentation, or material nondisclosure in connection with an insurance transaction; or

3. 2. To an insurance institution, agent, or insurance-support organization, or self-insurer, provided the information disclosed is limited to that which is reasonably necessary:

a. To detect or prevent criminal activity, fraud, material misrepresentation, or material nondisclosure in connection with insurance transactions; or

b. For either the disclosing or receiving insurance institution, agent or insurance-support organization to perform its function in connection with an insurance transaction involving the individual; or

4. 3. To a medical-care institution or medical professional for the purpose of (i) verifying insurance coverage or benefits, (ii) informing an individual of a medical problem of which the individual may not be aware or (iii) conducting an operations or services audit, provided only that information is disclosed as is reasonably necessary to accomplish the foregoing purposes; or

5. 4. To an insurance regulatory authority; or

6. 5. To a law-enforcement or other government authority:

a. To protect the interests of the insurance institution, agent or insurance-support organization in preventing or prosecuting the perpetration of fraud upon it; or

b. If the insurance institution, agent, or insurance-support organization reasonably believes that illegal activities have been conducted by the individual; or

c. Upon written request of any law-enforcement agency, for all insured or claimant information in the possession of an insurance institution, agent, or insurance-support organization which relates an ongoing criminal investigation. Such insurance institution, agent, or insurance-support organization shall release such information, including, but not limited to, policy information, premium payment records, record of prior claims by the insured or by another claimant, and information collected in connection with an insurance company's investigation of an application or claim. Any information released to a law-enforcement agency pursuant to such request shall be treated as confidential criminal investigation information and not be disclosed further except as provided by law. Notwithstanding any provision in this chapter, no insurance institution, agent, or insurance-support organization shall notify any insured or claimant that information has been requested or supplied pursuant to this section prior to notification from the requesting law-enforcement agency that its criminal investigation is completed. Within ninety days following the completion of any such criminal investigation, the law-enforcement agency making such a request for information shall notify any insurance institution, agent, or insurance-support organization from whom information was requested that the criminal investigation has been completed.; or

7. 6. Otherwise permitted or required by law; or

8. 7. In response to a facially valid administrative or judicial order, including a search warrant or subpoena; or

9. 8. Made for the purpose of conducting actuarial or research studies, provided:

a. No individual may be identified in any actuarial or research report, and

b. Materials allowing the individual to be identified are returned or destroyed as soon as they are no longer needed, and

c. The actuarial or research organization agrees not to disclose the information unless the disclosure would otherwise be permitted by this section if made by an insurance institution, agent, or insurance-support organization; or

10. 9. To a party or a representative of a party to a proposed or consummated sale, transfer, merger, or consolidation of all or part of the business of the insurance institution, agent, or insurance-support organization, provided:

a. Prior to the consummation of the sale, transfer, merger, or consolidation only such information is disclosed as is reasonably necessary to enable the recipient to make business decisions about the purchase, transfer, merger, or consolidation, and

b. The recipient agrees not to disclose the information unless the disclosure would otherwise be permitted by this section if made by an insurance institution, agent, or insurance-support organization; or

11. 10. To a person nonaffiliated third party whose only use of such information will be in connection with the marketing of a nonfinancial product or service, provided:

a. No medical-record information, privileged information, or personal information relating to an individual's character, personal habits, mode of living, or general reputation is disclosed, and no classification derived from the information is disclosed,

b. The individual has been given an opportunity, in accordance with the provisions of subsection A of § 38.2-612.1, to indicate that he does not want personal financial information disclosed for marketing purposes and has given no indication that he does not want the information disclosed, and

c. The person nonaffiliated third party receiving such information agrees not to use it except in connection with the marketing of a the product or service; or

12. To an affiliate whose only use of the information will be in connection with an audit of the insurance institution or agent or the marketing of an insurance product or service, provided the affiliate agrees not to disclose the information for any other purpose or to unaffiliated persons; or

13. 11. By (i) To a consumer reporting agency, provided the disclosure is to a person other than an insurance institution or agent in accordance with the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.) or (ii) from a consumer report reported by a consumer reporting agency; or

14. 12. To a group policyholder for the purpose of reporting claims experience or conducting an audit of the insurance institution's or agent's operations or services, provided the information disclosed is reasonably necessary for the group policyholder to conduct the review or audit; or

15. 13. To a professional peer review organization for the purpose of reviewing the service or conduct of a medical-care institution or medical professional; or

16. 14. To a governmental authority for the purpose of determining the individual's eligibility for health benefits for which the governmental authority may be liable; or

17. 15. To a certificate holder or policyholder for the purpose of providing information regarding the status of an insurance transaction; or

18. 16. To a lienholder, mortgagee, assignee, lessor or other person shown on the records of an insurance institution or agent as having a legal or beneficial interest in a policy of insurance, or to persons acting in a fiduciary or representative capacity on behalf of the individual, provided that:

a. No medical record information is disclosed unless the disclosure would be permitted by this section; and

b. The information disclosed is limited to that which is reasonably necessary to permit such person to protect his interest in the policy.; or

17. Necessary to effect, administer, or enforce a transaction requested or authorized by the individual, or in connection with servicing or processing an insurance product or service requested or authorized by the individual, or necessary for reinsurance purposes, or for stop loss or excess loss agreements provided for in subsection B of § 38.2-109; or

18. Pursuant to any federal Health Insurance Portability and Accountability Act privacy rules promulgated by the United States Department of Health and Human Services.

C. An insurance institution, agent, or insurance-support organization may disclose information about an individual collected or received in connection with an insurance transaction, without written authorization, if the disclosure is:

1. To a nonaffiliated third party whose only use of such information will be to perform services for or functions on behalf of the insurance institution in connection with the marketing of the insurance institution’s product or service or the marketing of products or services offered pursuant to a joint marketing agreement, provided:

a. No medical-record information or privileged information is disclosed without the individual’s written authorization unless such disclosure is otherwise permitted by subsection B of this section,

b. With respect to financial information, the individual has been given the notice required by subsection B of § 38.2-604.1, and

c. The person receiving such financial information agrees, by contract, (i) not to use it except to perform services for or functions on behalf of the insurance institution in connection with the marketing of the insurance institution’s product or service or the marketing of products or services offered pursuant to a joint marketing agreement, or as permitted under subsection B of this section and (ii) to maintain the confidentiality of such information and not disclose it to any other nonaffiliated third party unless such disclosure would otherwise be permitted by this section if made by the insurance institution, agent, or insurance-support organization;

2. To an affiliate, provided:

a. No medical-record information or privileged information is disclosed without the individual’s written authorization unless such disclosure is otherwise permitted by subsection B of this section, and

b. The affiliate receiving the information does not disclose the information except as would otherwise be permitted by this section if such disclosure were made by the insurance institution, agent, or insurance-support organization.

B. D. 1. No person proposing to issue, re-issue, or renew any policy, contract, or plan of accident and sickness insurance defined in § 38.2-109, but excluding disability income insurance, issued by any (i) insurer providing hospital, medical and surgical or major medical coverage on an expense incurred basis, (ii) corporation providing a health services plan, or (iii) health maintenance organization providing a health care plan for health care services shall disclose any genetic information about an individual or a member of such individual's family collected or received in connection with any insurance transaction unless the disclosure is made with the written authorization of the individual.

2. For the purpose of this subsection, "genetic information" means information about genes, gene products, or inherited characteristics that may derive from an individual or a family member.

3. Agents and insurance support organizations shall be subject to the provisions of this subsection to the extent of their participation in the issue, re-issue, or renewal of any policy, contract, or plan of accident and sickness insurance defined in § 38.2-109, but excluding disability income insurance.

E. Any notices, disclosures, or authorizations required by this section may be provided electronically if the individual agrees.

F. Any privileged information about an individual that is disclosed in violation of this section shall be available to that individual in accordance with the provisions of §§ 38.2-608 and 38.2-609.

G. Except in the case of disclosures made pursuant to subdivision B 10 of this section, the requirements of subsection A of § 38.2-612.1 shall not apply when information is disclosed pursuant to this section.

§ 52-41. Receipt of information; immunity from liability.

A. Any insurer providing information to an authorized representative of the Department pursuant to § 52-38 or pursuant to subdivision A 6 B 5 of § 38.2-613 shall have the right to request relevant information and receive, within thirty days, the information requested.

B. No cause of action in the nature of defamation, invasion of privacy, or negligence shall arise against any person furnishing information concerning any suspected, anticipated or completed criminal violation when the information is provided to or received from the Department, the National Association of Insurance Commissioners, another insurer, any federal or state governmental entity established for the purposes of detecting and preventing insurance fraud, or the National Insurance Crime Bureau.

C. No insurer, its officers or employees, insurance professional or any other person shall be subject to such cause of action for cooperating with, or furnishing evidence or information regarding any suspected criminal violation to the Department.

D. This section shall not provide immunity for those disclosing or furnishing false information with malice or willful intent to injure any person.

E. This section does not abrogate or modify in any way common law or statutory privilege or immunity heretofore enjoyed by any person or entity, nor does it authorize the Department to make public insurance company records which that are proprietary in nature.

2. That § 38.2-513 of the Code of Virginia is repealed.