Protecting Your Privacy!

We frequently tell clients and prospective clients that they need to be careful about using their medical insurance for alcohol treatment and their pharmacy benefit for medications that are only prescribed for alcohol problems. These can and do get in your record and can follow you around for years. Many people don’t believe us and cite HIPAA as the reason. We thought we would share this information with you again. It is from the Privacy Rights Clearinghouse website ( We are not saying don’t use your insurance, but do understand the privacy tradeoffs you may be making when you do so.

The Medical Information Bureau

There is a great deal of misunderstanding about the Medical Information Bureau (MIB). The MIB is a private company that maintains a database of individual medical and other information for approximately 750 member insurance companies. MIB members use the database to assess risk and prevent fraud on applications.

Insurers will still want your medical records and will still have use for the MIB in assessing other types of individual insurance applications where health is a risk factor, like life, disability, and long-term-care policies.

According to the MIB, only about 15-20% of applicants for individual insurance end up in the database, because they have applied within the last seven years (the length of time the MIB maintains records) and their application has revealed a medical problem that affects morbidity or mortality, in other words, the likelihood of acquiring a certain disease or condition or dying from it.

If you want to find out if you are in the MIB database, and if so, what is in your record, you may request a free MIB report annually by calling 866-692-6901 (a recording). You will be asked for some personally identifying information so that your record can be located, if one exists. In about two weeks, you will receive either your record or a notice that no record was found.

What is in a MIB report? The MIB database contains information about medical conditions and diagnostic tests, reported by insurers, and based on medical records they receive as part of your application process. The MIB does not have the actual records. Instead, it identifies medical conditions and risky lifestyle choices (for example, smoking or skydiving) by code numbers. A report also includes the name(s) of MIB member companies that submitted your information and that have received a copy of your record during the two years prior to your request.

Prescription Drug Reports

Personally identifiable prescription information can be legally bought and sold. Two companies, Milliman and Ingenix, compile individual prescription drug histories from databases kept by pharmacy chains and pharmacy benefit managers (PBMs). A PBM administers drug benefit programs for health plans and employers. It has your prescription records because it processes and pays prescription drug claims. Insurers buy the reports—for $15—to evaluate applications for individual health, life, or disability policies.

What is in a prescription report? Your report contains a five-year record of your prescriptions, including dosages, refills, and prescribing doctors as well as their medical specialty. Prescription information can reveal treatment for a disease or condition that you actually have, but it can also easily lead to incorrect assumptions. For instance, consider off-label prescribing: menopausal women are routinely prescribed anti-depressants for insomnia. An insurer reviewing that report might come to another conclusion about that woman’s mental health, which could affect her insurability or her premium.

What rights do you have concerning prescription reports? Like the MIB, Milliman and Ingenix are considered consumer reporting agencies (CRAs) and are regulated by the Fair Credit Reporting Act. This entitles you to a notice of adverse action from the insurer, even if your prescription report was not the primary reason for denial of coverage or a premium increase. You can dispute the accuracy of the report and request a free copy of it. If you want to know whether a report exists for you, and what it contains, you can contact the companies and request it.


As of January 1st, a change has occurred where all prescription drugs purchased must be reported. This includes Naltrexone. If you are concerned about this appearing let us know and we will provide you with information on a reliable Canadian pharmacy which will fill the prescription without it being reported in the U.S. It takes about 3 weeks but may be worth the delay in terms of preserving your confidentiality.


Data Brokers and Your Privacy

What are data brokers?

Data brokers are companies that collect and aggregate consumer information from a wide range of sources to create detailed profiles of individuals. These companies then sell or share your personal information with others. Data brokers are sometimes also called information resellers, data vendors, or information brokers.

How do data brokers obtain information?

Data brokers obtain their information from a large number of sources. These may include:

  • Government and public records such as court filings, real property and tax assessor records; court filings, recorded liens and mortgages, driver’s license records, motor vehicle records, voter registrations, telephone directories, real estate listings, birth, marriage, divorce and death records, professional license filings, recreational (hunting and fishing) licenses, and Census demographic information. Some states may restrict disclosure of some of this information.
  • Self-reported information directly from consumers through warranty cards, sweepstakes entries, contests, and surveys. This information may be provided by consumers either online or offline.
  • Social media sites such as Facebook, LinkedIn, and others may be used to gather information including consumers’ names, age, gender, location, colleges and universities attended.
  • Cooperative arrangements through which companies provide information about their customers in exchange for information to enhance their existing customer lists or identify new customers.
  • Purchase or licensing of information from other data brokers, retailers, and financial institutions. This may include consumers’ web browsing activities from online advertising networks, data about purchases from retailers, catalog companies and magazines, and data from websites where consumers register or log in to obtain services, such as retail, news, and travel sites.

What types of information do data brokers collect?

Data brokers collect a wide range of personal information about consumers. Much of this information is demographic in nature, and may include consumer names, their addresses (and previous addresses), telephone numbers, e-mail addresses, age and gender, family status (marital status and number and ages of children), Social Security numbers, religion, data about real estate owned, political affiliation, estimated income level, educational level, and occupation.

Who uses data broker information?

Data brokers sell the consumer data that they have compiled to a wide range of customers. These customers may include financial institutions, insurance companies, the hospitality industry, cable and telecommunications companies, political campaigns, retail stores, and even government entities and law enforcement agencies. In addition, many data brokers sell or exchange information with other data brokers.

As an example, the data broker Acxiom’s customers include “47 Fortune 100 clients; 12 of the top 15 credit card issuers; seven of the top 10 retail banks; eight of the top 10 telecom/media companies; seven of the top 10 retailers; 11 of the top 14 automotive manufacturers; six of the top 10 brokerage firms; three of the top 10 pharmaceutical manufacturers; five of the top 10 life/health insurance providers; nine of the top 10 property and casualty insurers; eight of the top 10 lodging companies; two of the top three gaming companies; three of the top five domestic airlines; six of the top 10 U.S. hotels.” U.S. Senate Commerce Committee, A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes (December 2013) (“Rockefeller Report”)

Are there any laws that regulate data brokers?

According to the FTC, there are no current federal laws requiring data brokers to maintain the privacy of consumer data unless they use that data for credit, employment, insurance, housing, or other similar purposes. Consumers generally have no federal right to know what information data brokers have compiled about them for marketing purposes. No federal law provides consumers with the right to correct inaccuracies in the data or assumptions made by data brokers.

The Fair Credit Reporting Act (FCRA) imposes a number of obligations on consumer reporting agencies (CRAs), which are entities that assemble consumer information into consumer reports (credit reports). The FCRA applies to data brokers only if the data is used by issuers of credit or insurance, or by employers, landlords, and others in making eligibility decisions affecting consumers. It’s important to note that most data brokers are not CRAs and thus are not subject to the FCRA.

Do individuals have any rights to see, correct, or opt out of the information that data brokers have compiled?

No federal statute provides consumers with the right to learn what information data brokers have compiled about them. Likewise, consumers do not have a right to “opt out”, that is, to prevent data brokers from collecting, sharing, or publishing their personal information.

Consumers also do not have the right to require data brokers to correct or delete inaccurate, incomplete, or unverifiable information.