Letter of the Law
When complying with fraud investigations, insurers should stick to their statutory obligations
In this current litigious environment, insurers and individual claims professionals face many risks while handling fraud investigations, whether the investigation focuses on an insured, an outside contractor, or a medical provider. With cases involving allegations of defamation, abuse of process, and interference with business relationships, it is important to properly manage the investigation and communications.
Many states have enacted legislation requiring insurance companies to notify law enforcement authorities when arson or fraud is suspected—and to cooperate in third-party governmental investigations of arson and fraud claims—while giving immunity for such cooperation (See e.g. Georgia: O.C.G.A. §§ 25-2-33, 33-1-16; Florida: Fla. Stat. §§ 633.126, 626.989; Illinois: 215 ILCS 145/1, 215 ILCS 5/155.24; Michigan: MCLS §§ 29.4, 500.4509). However, such immunity from civil liability is often limited to insurers that cooperate or report in good faith in the investigation of suspected arson and fraud.
Insurers should follow the requirements of the respective state laws when releasing information to an authorized official, whether that is the state fire marshal, insurance commissioner, or a law enforcement agency. For example, with regard to suspected fraud in Georgia, O.C.G.A. § 33-1-16 requires an insurer to comply with requests for information from the insurance commissioner and the commissioner’s investigative agents, but does not provide a specific definition identifying the appropriate law enforcement authorities to whom an insurer may release information. Instead, the statute generally identifies qualified law enforcement agencies as any federal, state, county, or consolidated police or law enforcement departments, and any prosecutors or district attorneys. Thus, the list of individuals to whom insurers may, or are obligated to, release information to appears to be very broad.
As a general guideline, for insurers that wish to rely upon the statute when reporting suspected arson or fraud to law enforcement authorities, it would be beneficial to narrowly construe the statute when providing information voluntarily. In other words, if there is a question as to the propriety of voluntarily releasing information to a particular public authority not listed in the statute, the insurer should err on the side of caution and not voluntarily release that information.
Criminal and Civil Liability Immunity
While most arson and fraud reporting statutes provide for criminal and civil immunity for the insurer that furnishes information requested by a public authority, the statutes often require that the information be shared in good faith and without fraud or malice. This is very important in terms of an insurer’s and/or individual’s potential liability for state libel and slander claims, as well as federal claims for civil rights violations.
For example, an individual criminally accused of arson by the state may attempt to sue the insurer that provided information to the state for monetary damages related to federal civil rights violations, such as violations of the Fourth Amendment’s search and seizure protections. While the insurance company is a private organization—and thus not a government agent for purposes of the Fourth Amendment’s search and seizure law—if the insurer and individuals employed by the carrier appear to be acting on behalf of the state, then there may be potential liability. To prevent that, immunity statutes create a safe haven for insurers and their employees to cooperate with law enforcement authorities in arson and fraud investigations.
However, the insurer should always take a proscribed view of its cooperation with those public authorities in order to prevent the appearance of being a “state actor.” Consequently, an insurer and its employees should follow the applicable immunity statutes to the letter. Any requests from public authorities or other entities outside of the express terms of the statutes should be reviewed carefully by the insurer and its legal counsel to maximize the immunity afforded under the statutes.
As another example, an individual or corporate entity civilly accused of fraud—such as a physician with a suspected fraudulent medical billing scheme facing accusations of fraud and violations of the civil Racketeer Influenced and Corrupt Organizations Act—may attempt to sue the insurer that made the allegations with claims of defamation. As a defense, the insurer can claim that the alleged defamatory statements were made in the course of its investigation of the suspected fraud and is, therefore, subject to either statutory and/or common law privileges and immunities. However, most states find an exception when there is evidence of actual malice.
Avoiding Potential Exposure
To avoid exposing the insurer or claims professional to allegations of defamation, abuse of process, and interference with business relationships, it is important to properly manage the investigation and communications. Most importantly, it is critical to follow the letter of the law when reporting information to law enforcement agencies and to actually cite the statute in order to make it clear that the information is only being provided because cooperation is required.
One recommendation is to use the “just the facts” approach and avoid making allegations that a law has been violated. Allow the law enforcement agency to draw its own conclusions. Otherwise, those allegations may be used to show that there was intent to defame the party and show that the insurer intended to steer law enforcement to prosecute the individuals suspected, which may give rise to an allegation of malicious prosecution.
Additionally, only produce information under cover of “personal and confidential,” and remember to request that all information be returned when it’s no longer needed. This is necessary to prevent that information from being used by an unintended party and to help show the insurer’s good-faith effort to protect the information from being disseminated outside the intended party.
Finally, the employee responsible for submitting the information to law enforcement must be familiar with the insurer’s best practices. If an employee is found to be acting outside the scope of best practices, then the employee may be subject to personal liability.