Skip to Content

Private Insurance Data Requirements in Ohio

Ohio law shapes the confidentiality and reporting requirements for private insurers operating in the state.  Insurance entities may disclose personal or privileged information about an insured under a number of circumstances, including for purposes of fraud detection, for informing individuals about medical conditions of which they may be unaware, to medical peer review organizations and for conducting research and actuarial studies.1  Medical records may not be disclosed as they relate to an individual’s character, personal habits, mode of living, or general reputation for advertising purposes.  Insurance entities must utilize an appropriate disclosure authorization form for the disclosure of personal or privileged information about an individual in connection with insurance transactions that specifies what information will be disclosed, for what purpose and to whom.2

If an insured individual requests access to his personal information, the insurance entity must provide the insured an opportunity to see or receive a copy of the information, and may supply medical record information either to the insured or to a designated medical professional.3  If an insured requests an insurance entity corrects, amends or deletes recorded personal information, the entity must either make the correction, amendment or deletion, or notify the insured of its refusal to do so.  The entity must ensure that a correction, amendment or deletion information is made known to appropriate persons, and must ensure that a refusal to correct, amend, or delete the information is included with the disputed information so that anyone who reviews such information is aware of the dispute.4

 

Footnotes

  • 1. Ohio Rev. Code § 3904.13
  • 2. Ohio Rev. Code § 3904.06
  • 3. Ohio Rev. Code § 3904.08
  • 4. Ohio Rev. Code § 3904.09

 

Private Insurance Data Requirements in Ohio

Subtopic Statute/Regulation Description
Correction/deletion of insurance information Correction, amendment or deletion of information – Ohio Rev. Code Ann. § 3904.09 Within thirty business days of receiving a written request from an individual to correct, amend, or delete any recorded personal information about...
Disclosure of information held by health plan, including notice requirements Disclosure authorization form – Ohio Rev. Code Ann. § 3904.06 An insurance institution, agent, or insurance support organization must use a disclosure authorization form for the disclosure of personal or...
Disclosure of personal or privileged information – Ohio Rev. Code Ann. § 3904.13 An insurance institution, agent, or insurance support organization may disclose personal or privileged information about an individual collected or...
Written request for access to recorded personal information – Ohio Rev. Code Ann. § 3904.08 If any individual submits a written request to an insurance institution, agent, or insurance support organization for access to his recorded personal...
Required testing by insurance company(genetic and HIV/STD) Requiring HIV testing – Ohio Rev. Code Ann. § 3901.46 An insurer may require an applicant for coverage to submit to an HIV test in conjunction with tests for other health conditions.  The insurer...
Access to individual’s own records (Cross reference Medical Records Collection) Written request for access to recorded personal information – Ohio Rev. Code Ann. § 3904.08 If any individual submits a written request to an insurance institution, agent, or insurance support organization for access to his recorded personal...