Private insurers in the state of Oregon are subject to limitations on the disclosure and use of protected health information.  A licensee or insurance-support organization may disclose personal or privileged information about an individual collected or received with an insurance transaction under a variety of circumstances, including when for the performance of a business, professional or insurance function, to detect or prevent fraud, to inform an individual of a medical problem of which he may not be aware, or to a professional peer review organization for the purpose of reviewing the service or conduct of a health care provider.1

        Private insurers are also required to report certain information.  As an example, the Office for Oregon Health Policy and Research requires all insurers in the state, including private insurers, managed care plans, health service contractors and third party administrators to report health care data.2

Private insurers must abide by requirements surrounding the requested correction and deletion of insurance information.  Any entity that corrects, amends, or deletes insurance information must produce the correction, amendment or fact of deletion to each person that was specifically designated by the complaining individual, each insurance-support organization that has systematically received recorded personal information from the insurer within the preceding seven years, and each insurance-support organization that furnished the recorded personal information that has been corrected amended or deleted.3