Skip to Content

M.S.A. §72A.502

Link to the law
This will open in a new window

Disclosure of information; limitations and conditions

An insurance company cannot disclose personal information about an individual obtained as a  result of an insurance transaction without the individual’s written authorization.  An insurance company is also not allowed to collect personal information about an individual that is not related to a claim filed with the insurer without the individual’s written authorization.  An exception to this rule is that personal information can be disclosed without an individual’s written authorization when it is reasonably necessary to detect or prevent criminal activity, fraud, misrepresentation regarding an insurance transaction, or pursuant to any other law.  Individual written authorization is also not needed for disclosure of personal information to a health care institution or health care provider for insurance verification or other necessary purposes or for disclosure to an insurance regulatory body.  Personal information may be disclosed to a governmental entity without an individual’s written authorization if the disclosure is necessary to prevent fraud, or if the insurer believes the individual is engaged in illegal activities.  No written authorization is needed for disclosure of personal information for research studies as long as the information is not individually identifiable, the information is destroyed or returned after the study, and the researcher agrees not to further disclose the information.  Whenever an insurance company discloses personal information that requires written authorization, the insurance company must send written notice to the individual within 10 days, and include details of what was disclosed and to whom. 


Current as of June 2015