Ohio law shapes the confidentiality and reporting requirements for private insurers operating in the state.  Insurance entities may disclose personal or privileged information about an insured under a number of circumstances, including for purposes of fraud detection, for informing individuals about medical conditions of which they may be unaware, to medical peer review organizations and for conducting research and actuarial studies.1  Medical records may not be disclosed as they relate to an individual’s character, personal habits, mode of living, or general reputation for advertising purposes.  Insurance entities must utilize an appropriate disclosure authorization form for the disclosure of personal or privileged information about an individual in connection with insurance transactions that specifies what information will be disclosed, for what purpose and to whom.2

If an insured individual requests access to his personal information, the insurance entity must provide the insured an opportunity to see or receive a copy of the information, and may supply medical record information either to the insured or to a designated medical professional.3  If an insured requests an insurance entity corrects, amends or deletes recorded personal information, the entity must either make the correction, amendment or deletion, or notify the insured of its refusal to do so.  The entity must ensure that a correction, amendment or deletion information is made known to appropriate persons, and must ensure that a refusal to correct, amend, or delete the information is included with the disputed information so that anyone who reviews such information is aware of the dispute.4