CHICAGO-Insurers looking to report suspected fraudulent claims to prosecutors or regulators can find themselves between a rock and a hard place.

While insurers don't want to ignore potential fraud, they may also worry that such reports can trigger policyholder lawsuits for defamation or malicious prosecution.

In fact, though, many states offer at least qualified immunity from such actions, and insurers that observe some simple guidelines can avoid disastrous legal headaches, said Sheila J. Carpenter, a lawyer with Jorden Burt Berenson & Johnson L.L.P. in Washington.

Immunity statutes are the good news for insurers, Ms. Carpenter told an audience at the recent annual meeting in Chicago of the International Assn. of Insurance Fraud Agencies.

The bad news is that fighting policyholder suits can be expensive even if insurers win summary judgments dismissing the complaints.

"Your field report on a $10,000 claim can cost you $100,000 in legal fees even if you win on summary judgment," she said.

Losing a case can be far worse: "One bad verdict can wipe out all of your savings on fighting fraud," Ms. Carpenter noted.

Still, the problem of claims fraud is so rampant that several states require insurers to report suspicious cases to law enforcement or regulatory authorities.

Minnesota law, for example, requires insurers to report when they have "reason to believe" a fraud has occurred, according to Ms. Carpenter. Maryland law, meanwhile, requires reporting when insurers "in good faith have cause to believe" a claim is bogus.

To protect insurers making these reports, most states have some form of immunity statute. As of last year, roughly 40 states had laws granting at least qualified immunity to insurers passing information to law enforcement agencies. Sixteen states had laws protecting insurers that share information with each other, according to Ms. Carpenter.

In nearly all states, the key for maintaining the immunity privilege is for insurers to act in "good faith," she said.

An appeals court in one state-California-has ruled that insurers have absolute immunity in reporting insurance fraud, even when they act in bad faith. That court concluded that the public benefit of reporting fraud outweighs the "occasional harm that might befall a defamed individual," according to Ms. Carpenter.

An insurer should assume, though, that it must act without malice or bad faith to preserve its immunity from policyholder suits, she said. It can do this by using "practices and procedures that make it easy to demonstrate that it acted in good faith."

As an example of how not to act, Ms. Carpenter cited the example of an insurance company that denied the claim of a homeowner whose house burned, referring the case to local prosecutors. The homeowner was acquitted of arson charges, sued the insurer and won $7.5 million in compensatory and punitive damages.

The insurer in this case made several severe mistakes, she said. Among other things, the insurer:

Was represented by a claims investigator who arrived at the scene of the fire and announced that his job was to put people in jail.

Stuck with its arson charge in the face of overwhelming evidence to the contrary.

Failed to tell prosecutors about exculpatory evidence even when the prosecutors asked directly.

Paid for a prosecution expert witness at the criminal trial.

Sent the policyholder several lengthy claim denial letters citing "frivolous" reasons for denying the claim in addition to the alleged arson.

"I hope (this insurer) has a really good anti-fraud program, because it's going to take them a long time to make up what this case cost them ultimately," Ms. Carpenter observed.

Insurers can lose their immunity privilege in several ways, according to Ms. Carpenter. They can, for example, pass along defamatory material they know to be false, meeting the legal standard of "malice" in a defamation action.

Insurers also can lose their privilege by:

Reporting information for a purpose not intended to be covered by the immunity law, such as to intimidate a policyholder or justify firing an employee or agent.

""Excessive" reporting to parties that have no interest in the case.

Reporting damaging information that is not relevant to the suspected fraud.

Insurers can avoid these pitfalls by following a few procedures that will ensure they are found to be acting in good faith, Ms. Carpenter advised.

For example, insurers should distribute information only to those who can help with a fraud investigation or who need to know about the inquiry.

Investigators generally should not be too talkative about their work, she said.

"I'm not sure that the fraud unit is not a place for the introverts in your company," she said. "One of the ways you can waive your privilege is to spread information further than it needs to go."

Insurers also should develop procedures to ensure the accuracy of collected information and should not report any information they can't easily defend as true. They also should have procedures to protect against inadvertent disclosures and should behave like prosecutors, taking into account both incriminating and exculpatory information, Ms. Carpenter advised.