[§431:2D-107]  Confidentiality requirements. (a)  Except as otherwise provided by law, market conduct surveillance personnelshall have free and full access to all books and records, employees, officers,and directors, as practicable, of the insurer during regular business hours. An insurer using a third-party model or product for any of the activities underexamination shall provide, upon the request of market conduct surveillancepersonnel, the details of those models or products to those personnel.  Alldocuments, whether from a third party or an insurer, including but not limitedto working papers, third-party models or products, complaint logs, and copiesthereof, created, produced, or obtained by or disclosed to the commissioner orany other person in the course of any market conduct actions made pursuant tothis article, or in the course of market analysis by the commissioner of themarket conditions of an insurer, or obtained by the National Association ofInsurance Commissioners as a result of any of the provisions of this article,shall be confidential by law and privileged, shall not be subject to subpoena,and shall not be subject to discovery or admissible in evidence in any privatecivil action.

(b)  No waiver of any applicable privilege or claimof confidentiality in the documents, materials, or information shall occur as aresult of disclosure to the commissioner under this section.

(c)  Market conduct surveillance personnelshall be vested with the power to issue subpoenas and examine insurer personnelunder oath when such action is ordered by the commissioner.

(d)  Notwithstanding any other law to thecontrary, the commissioner may:

(1)  Share documents, materials, or other information,including confidential and privileged documents, materials, or informationsubject to subsection (a), with other state, federal, and internationalregulatory agencies, law enforcement authorities, and the National Associationof Insurance Commissioners and its affiliates and subsidiaries; provided thatthe recipient agrees to and has the legal authority to maintain theconfidentiality and privileged status of the documents, materials,communications, or other information;

(2)  Receive documents, materials, communications, orinformation, including otherwise confidential and privileged documents,materials, or information, from the National Association of InsuranceCommissioners and its affiliates or subsidiaries, and from regulatory and lawenforcement officials of other foreign or domestic jurisdictions, and shallmaintain as confidential or privileged any document, material, or informationreceived with notice or the understanding that it is confidential or privilegedunder the laws of the jurisdiction that is the source of the document,material, or information; and

(3)  Enter into agreements governing the sharing anduse of information consistent with this subsection.

(e)  No insurer shall be compelled to disclosean insurance compliance self-evaluative audit document or waive any statutoryor common law privilege, but may voluntarily disclose such document to thecommissioner in response to any market analysis, market conduct action, orexamination as provided in this article.

(f)  To encourage insurance companies andpersons conducting activities regulated under this code, both to conductvoluntary internal audits of their compliance programs and management systemsand to access and improve compliance with state and federal statutes, rules,and orders, an insurance compliance self-evaluative privilege is recognized toprotect the confidentiality of communication relating to voluntary internalcompliance with this State's insurance and other laws and that the public willbenefit from incentives to identify and remedy insurance and other complianceproblems.  It is further declared that limited expansion of the protectionagainst disclosure will encourage voluntary compliance and improve insurancemarket conduct quality and that the voluntary provisions of this section willnot inhibit the exercise of the regulatory authority by those entrusted withprotecting insurance consumers.

  (g)(1)  Except as provided in subsections (h) and (i), aninsurance compliance self-evaluative audit is privileged information and is notdiscoverable or admissible as evidence in any legal action in any civil,criminal, or administrative proceeding. The privilege created herein is amatter of substantive law of this State and is not merely a procedural mattergoverning civil or criminal procedures in the courts of this State;

(2)  If any company, person, or entity performs ordirects the performance of an insurance compliance audit, an officer, employeeor agent involved with the insurance audit, or any consultant who is hired forthe purpose of performing the insurance compliance audit may not be examined inany civil, criminal, or administrative proceeding as to the insurancecompliance audit or any insurance compliance self-evaluative audit document, asdefined in this section.  This subsection does not apply if the privilege set forthin subsection (g)(1) of this section is determined under subsection (h) or (i)not to apply;

(3)  A company may voluntarily submit, in connectionwith examinations conducted under this article, an insurance complianceself-evaluative audit document to the commissioner or the commissioner'sdesignee, as a confidential document under this section without waiving theprivilege set forth in this section to which the company would otherwise beentitled; provided, however, that the provisions in this section permitting thecommissioner to make confidential documents public pursuant to this section andaccess to the National Association of Insurance Commissioners shall not applyto the insurance compliance self-evaluative audit document under otherprovisions of applicable law, any such report furnished to the commissionershall not be provided to any other persons or [entities] and shall be accordedthe same confidentiality and other protections as provided above forvoluntarily submitted documents.  Any use of an insurance complianceself-evaluative audit document furnished as a result of the inappropriatetreatment of customers has been remedied or that an appropriate plan for theirremedy is in place.

A company's insurance complianceself-evaluative audit document submitted to the commissioner shall remainsubject to all applicable statutory or common law privileges including, but notlimited to, the work product doctrine, attorney-client privilege, or thesubsequent remedial measures exclusion.

Any compliance self-evaluative auditdocument so submitted and in the possession of the commissioner shall remainthe property of the company and shall not be subject to any disclosure orproduction under chapter 92;

(4)  Disclosure of an insurance compliance self-evaluativeaudit document to a governmental agency, whether voluntary or pursuant tocompulsion of law, shall not constitute a waiver of the privilege set forth insubsection (g)(1) with respect to any other persons or any other governmentalagencies;

  (h)(1)  The privilege set forth in subsection (g) doesnot apply to the extent that it is expressly waived by the company thatprepared or caused to be prepared the insurance compliance self-evaluativeaudit document;

(2)  In a civil or administrative proceeding, a courtof record, after an in camera review, may require disclosure of material forwhich the privilege set forth in subsection (g) is asserted, if the courtdetermines one of the following:

(A)  The privilege is asserted for a fraudulentpurpose; or

(B)  The material is not subject to theprivilege;

(3)  In a criminal proceeding, a court of record,after an in camera review, may require disclosure of material for which theprivilege described in subsection (g) is asserted, if the court determines oneof the following:

(A)  The privilege is asserted for a fraudulentpurpose;

(B)  The material is not subject to theprivilege; or

(C)  The material contains evidence relevant tocommission of a criminal offense under this code, and all three of the followingfactors are present:

(i)  The commissioner or attorney general has acompelling need for the information; and

(ii)  The information is not otherwise available;and

(iii)  The commissioner or attorney general isunable to obtain the substantial equivalent of the information by any othermeans without incurring unreasonable cost and delay.

  (i)(1)  Within thirty days after the commissioner orattorney general serves on an insurer a written request by certified mail fordisclosure of an insurance compliance self-evaluative audit document under thissubsection, the company that prepared or caused the document to be prepared mayfile with the appropriate court a petition requesting an in camera hearing onwhether the insurance compliance self-evaluative audit document or portions ofthe document are privileged or subject to disclosure.  Failure by the companyto file a petition waives the privilege for this request only;

(2)  A company asserting the insurance complianceself-evaluative privilege in response to a request for disclosure under thissubsection shall include in its request for an in camera hearing all of theinformation set forth in subsection (i)(5);

(3)  Upon the filing of a petition under thissubsection, the court shall issue an order scheduling, within forty-five daysafter the filing of the petition, an in camera hearing to determine whether theinsurance compliance self-evaluative audit document or portions of the documentare privileged under this section or subject to disclosure;

(4)  The court, after an in camera review, may requiredisclosure of material for which the privilege in subsection (g) is asserted ifthe court determines, based upon its in camera review, that any one of theconditions set forth in subsection (h)(2)(A) and (B) is applicable as to acivil or administrative proceeding or that any one of the conditions set forthin subsection (h)(3)(A) through (C) is applicable as to a criminal proceeding. Upon making such a determination, the court may only compel the disclosure ofthose portions of an insurance compliance self-evaluative audit documentrelevant to issues in dispute in the underlying proceeding.  Any compelleddisclosure will not be considered to be a public document or be deemed to be awaiver of the privilege for any other civil, criminal, or administrativeproceeding.  A party unsuccessfully opposing disclosure may apply to the courtfor an appropriate order protecting the document from further disclosure;

(5)  A company asserting the insurance compliance self-evaluativeprivilege in response to a request for disclosure under this subsection shallprovide to the commissioner or attorney general, as the case may be, at thetime of filing any objection to the disclosure, all of the followinginformation:

(A)  The date of the insurance complianceself-evaluative audit document;

(B)  The identity of the entity conducting theaudit;

(C)  The general nature of the activitiescovered by the insurance compliance audit; or

(D)  An identification of the portions of theinsurance compliance self-evaluative audit document for which the privilege isbeing asserted.

  (j)(1)  A company asserting the insurance complianceself-evaluative privilege set forth in subsection (g) has the burden ofdemonstrating the applicability of the privilege.  Once a company hasestablished the applicability of the privilege, the party seeking disclosureunder subsection (h)(2)(A) has the burden of proving that the privilege isasserted for a fraudulent purpose. The commissioner or attorney generalseeking disclosure under subsection (h)(3) has the burden of proving theelements set forth in subsection (h)(3);

(2)  The parties may at any time stipulate inproceedings under subsection (h) or (i) to entry of an order directing thatspecific information contained in an insurance compliance self-evaluative auditdocument is or is not subject to the privilege provided under subsection (g). Any such stipulation may be limited to the instant proceeding and, absentspecific language to the contrary, shall not be applicable to any otherproceeding.

(k)  The privilege set forth in subsection (g)shall not extend to any of the following:

(1)  Documents, communications, data, reports, orother information expressly required to be collected, developed, maintained, orreported to a regulatory agency pursuant to this code, or other federal or statelaw;

(2)  Information obtained by observation or monitoringby any regulatory agency; or

(3)  Information contained from a source independentof the insurance compliance audit.

(l)  As used in this section:

"Insurance compliance audit" means avoluntary, internal evaluation, review, assessment, audit, or investigation forthe purpose of identifying or preventing non-compliance with, or promotingcompliance with laws, regulations, orders, or industry or professionalstandards, which is conducted by or on behalf of a company licensed orregulated under this code, or which involves an activity regulated under this code.

"Insurance compliance self-evaluativeaudit document" means documents prepared as a result of or in connectionwith an insurance compliance audit.  An insurance compliance self-evaluativeaudit document may include, but is not limited to, as applicable, field notesand records of observations, findings, opinions, suggestions, conclusions,drafts, memoranda, drawings, photographs, exhibits, computer-generated orelectronically recorded information, phone records, maps, charts, graphs, andsurveys, provided this supporting information is collected or developed for theprimary purpose and in the course of an insurance compliance audit.  Aninsurance compliance self-evaluative audit document also includes, but is notlimited to, any of the following:

(1)  An insurance compliance audit report prepared byan auditor, who may be an employee of the company or an independent contractor,which may include the scope of the audit, the information gained in the audit,and conclusions and recommendations, with exhibits and appendices;

(2)  Memoranda and documents analyzing portions or allof the insurance compliance audit report and discussing potentialimplementation issues;

(3)  An implementation plan that addresses correctingpast non-compliance, improving current compliance, and preventing futurenon-compliance; or

(4)  Analytic data generated in the course ofconducting the insurance compliance audit.

(m)  The insurance compliance self-evaluativeprivilege created by this legislation shall apply to all litigation oradministrative proceedings pending [on July 1, 2007].

(n)  Nothing in this section nor the release ofany self-evaluative audit document hereunder shall limit, waive, or abrogatethe scope or nature of any statutory or common law privilege including, but notlimited to, the work product doctrine, the attorney-client privilege, or thesubsequent remedial measures exclusion. [L 2007, c 227, pt of §1]

 

Revision Note

 

  "On July 1, 2007" substituted for "at theeffective date of this legislation".