Laura Berry is a former State Farm insurance producer and insurance expert.

Full Bio →

Written by

Dan Walker graduated with a BS in Administrative Management in 2005 and has been working in his family’s insurance agency, FCI Agency, for 15 years. He is licensed as an agent to write property and casualty insurance, including home, auto, umbrella, and dwelling fire insurance. He’s also been featured on sites like Reviews.com.

Full Bio →

Reviewed by Daniel Walker
Licensed Car Insurance Agent

UPDATED: Feb 15, 2017

Advertiser Disclosure

It’s all about you. We want to help you make the right life insurance coverage choices.

Advertiser Disclosure: We strive to help you make confident life insurance decisions. Comparison shopping should be easy. We are not affiliated with any one life insurance provider and cannot guarantee quotes from any single provider.

Our life insurance industry partnerships don’t influence our content. Our opinions are our own. To compare quotes from top life insurance companies please enter your ZIP code on this page to use the free quote tool. The more quotes you compare, the more chances to save.

Editorial Guidelines: We are a free online resource for anyone interested in learning more about life insurance. Our goal is to be an objective, third-party resource for everything life insurance-related. We update our site regularly, and all content is reviewed by life insurance experts.

Don't miss these facts...

  • It depends on exactly what you mean by that question
  • If you are asking can they look at whatever they want, whenever they want, then the answer is no. Various federal laws protect your right to medical privacy
  • They can have limited access to medical information for policy approval if you sign an authorization form or they subpoena records for illegal activity

In 1996, the U.S. federal government passed The Health Insurance Portability and Accountability Act. It is commonly known as HIPAA.

It is commonly known as HIPAA. However, due to the way it is typically pronounced when spoken, people sometimes inadvertently use the written abbreviation “HIPPA.”

One of the things this act covers is your rights concerning Private Health Information. In general, you have a right to access your own information and you also have a right to privacy.

This information should not be shared willy-nilly by various business entities that have access to it.

According to the government’s own official site, the privacy rule of HIPAA does not apply to life insurers. However, it still applies to the entities that hold your medical records, such as doctors, clinics and hospitals.

Learn more above who can have access to your medical records below and don’t miss out on our free life insurance comparison tool above!

The “Minimum Necessary” Rule

adobestock_83598624-1600x1600

Although the entities covered by HIPAA rules can share information about your health for purposes of treating you or for the purpose of getting paid, the official government site states,”Covered entities must reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose.”

Enter your zip code below to view companies that have cheap life insurance rates.

 Secured with SHA-256 Encryption

How This Gets Used In Practice

This is exactly how industry insiders are trained. For example, if someone works in health insurance, they are required to read your medical records for purposes of determining if a claim is payable or not.

This may sometimes mean reviewing quite a lot of records in order to make a determination.

However, if they simply read through all available records to entertain themselves or to crack jokes at your expense or to share gossip, they can be punished for it, up to and including being fired for it.

Although they need to access your records to perform their job, that is the only reason they should be accessing your records.

Furthermore, if they are reviewing to determine if an accident claim is payable, they most likely have no need to access records concerning treatment for cancer.

Thus, they shouldn’t be requesting such records without a compelling reason that they can defend to their boss or, potentially, in a court of law.

They should be requesting and reviewing only the records necessary to do their job properly. They should not be requesting anything more than that. This is the essence of the “minimum necessary” rule.

Legal Authorization

adobestock_40258869-1600x1600

However, the general idea behind HIPAA is that you should retain the rights to your own health information. You not only retain the right to have people not see it, you also retain the right to share it as you see fit for your own purposes.

This means you can sign papers giving legal authorization to access your records, in part or in full, to specified entities. 

This may be a trusted family member, such as a spouse or an adult child who is helping to care for you, or it may be an organization that you wish to share your records with for various reasons, such as an insurance company.

Thus, if you sign an authorization giving the life insurance company access to your records, they absolutely can legally request a copy or copies of your records and receive them.

So, if there is information you do not want them to have for some reasons, make sure you read any and all paperwork very carefully before filling it out and signing anything.

But don’t they have a right to know?

Well, yes and no. Life insurance companies have a right to know information relevant to the coverage they are supplying.

In other words, when you apply for the policy, they have a right to know if there is currently something seriously wrong with you that is likely to end your life unusually early.

Obviously, you shouldn’t be trying to get one over on an insurance company.

You shouldn’t be intentionally trying to omit or hide information about yourself that would cause them to deny you the policy if they were aware of this information.

– But you do have a right to privacy?

Although you shouldn’t be trying to hide information from a life insurance company for purposes of gaining a policy for which you do not qualify, you do still have a right to privacy.

This means there may be things you do not wish to share and should not have to share.

There may be things about yourself that you do not wish them to know and which are not relevant to your eligibility for life insurance.

For example, many people do not want it generally known if they have been sexually assaulted or had a sexually transmitted disease.

Holding back such information is not about defrauding the company. It is about personal dignity and privacy.

If the information you do not want to disclose is not relevant to the business decision concerning your eligibility for insurance, then you have a legal right to privacy.

You do not have to share that information if it is not pertinent.

This is part of why the Medical Information Bureau (MIB) shares limited information with insurance companies.

It is one means to make sure the life insurance company can get the information they need to make a decision and no more. It is one means to balance these two concerns.

Enter your zip code below to view companies that have cheap life insurance rates.

 Secured with SHA-256 Encryption

But What About After I Die?

adobestock_64885760-1600x1600

This depends on a great many factors, from what kind of life insurance coverage you have to the details surrounding your demise. If you die under suspicious circumstances, this can very much complicate things.

– Cause of Death

Generally speaking, someone will need to supply the life insurance company with a copy of your death certificate. Your death certificate should list the cause of death.

Although it used to be common for death certificates to list the cause of death as “natural causes,” this is much less common these days.

This is partly an artifact of modern technology.

We are far more likely these days to be able to determine specifically what happened, so even someone 90 years old may have a death certificate that says “heart attack” instead of “natural causes.” This is not necessarily a problem per se.

Insurance companies do their best to keep up with the times and their claims department gets on-going training for what types of phrases are perfectly acceptable and which types signal a need for additional information.

If your death is suspicious or if you have a policy that specifies that it pays only for certain causes of death, like an accident, then they may need additional records to review the claim.

These records may include medical records, but they may also include things like a police report, for example, if the cause of death is a car accident.

– Type of Policy

Although most life insurance generally can be divided up into either term or whole life, many term policies have additional conditions beyond just the time frame of the person’s death.

Various kinds of accident coverage are quite common. In fact, it is possible that there will be several policies in force at the time of one’s demise.

For example, if you happen to buy plane tickets to go on vacation with a credit card and then rent a car while on vacation with another credit card, and then have a car accident, it is possible that both credit cards issued insurance coverage relevant to this event.

So, in this case, there would need to be additional information submitted beyond just the death certificate in order for the claim to be properly reviewed.

Accidental death insurance is only payable when fairly narrow conditions are met. It thus generally requires additional supporting documentation in order to show that all conditions were met.

Balance and Counterbalance

adobestock_87159876-1600x1600

Now that you have that background, let’s try to sum this up: While life insurance companies are not covered by HIPAA, the doctors, hospitals and clinics that hold your medical records are covered by it.

There are substantial restrictions on their right to share this information.

Generally speaking, life insurance companies will be able to access some information about your medical history, usually through the MIB, questionnaires that you fill out during the application process or if you sign an authorization granting them access.

But, in most cases, they only want to know enough about you to determine if you qualify for the type of coverage you are requesting.

– Bad Acts

However, if there is a reason to believe that anything illegal has happened, this can be a situation where your medical records may be subpoenaed. This is true whether the suspicious activity is something you did or something someone else did.

In other words, if they think you are intentionally trying to defraud the company, this may be a reason to request your medical records.

Or if they think you died suspiciously, this may also be a reason to request your medical records.

Laws in the U.S. are set up to try to make sure that people do not profit from their bad acts. This covers, for example, killing someone for the insurance money.

So the idea is that we not only want them to go to jail for this, but we also do not want them to collect the insurance money, even if they were named as the beneficiary.

– The Devil is in the Details

We all would like to live in a just world, one where our privacy is respected and where wrongs are righted. Sometimes, we may think there should be one simple rule that works towards the ends of good.

But the reality is that life is complicated and it takes a lot of good rules and regulations, plus careful judgment calls, to try to sort out right from wrong. Sometimes, sharing your information is in your best interest, and sometimes it is not.

Sometimes, sharing your information is in your best interest, and sometimes it is not.

The law does its best to try to make rules about when, why and how to do this. Various industries involved in dealing with your private health information also develop best practices for trying to comply.

Some Best Practices for Consumers

adobestock_79897876-1600x1600

A few Americans who have been military dependents their entire life or who have always lived in the same place and gone to the same hospital may have fairly complete medical records available from one source. But, most Americans do not yet have a single repository for their medical records.

One means to protect your privacy is to give the company a copy of the medical records it desires instead of an authorization to request those records.

Another is to give them authorization only to request records from specific medical entities. If some of your records are held at a different office, they may be effectively inaccessible.

In other words, you may be able to give them an authorization that allows them to get your medical records from your general practitioner but does not allow them to get psychiatric records from your personal therapist.

If you aren’t actually hiding pertinent information, this is not illegal.

For people who have valid privacy concerns, it is worth considering how to effectively share the information they need from you, but no more.

This choice would comply with the federal “minimum necessary” rule and is totally legal.

Start comparing life insurance quotes today with our free quote tool below!

References: