Insurance Data Security Act All-Other Compliance Certification

The Maine Insurance Data Security Act, 24-A M.R.S. §§ 2261 – 2272, allows the following types of entities to certify to the Superintendent that they have in place and follow certain federal privacy and breach notification requirements:
  • Under § 2269(2)(A), any Licensee subject to and compliant with HIPAA and HITECH
  • Under § 2269(2)(B), any insurance producer business entity owned by a depository institution that maintains an information security program in compliance with GLBA.
These certifications are due by April 15 each year.

Maine domestic insurance carriers should use the form titled “Maine Domestic Carrier Compliance Certification” even if they are using the § 2269(2)(A) HIPAA/HITECH safe harbor.

*Required - Required fields have an asterisk beside the field name. You will not be able to submit your form until all required fields are completed. When your report has been successfully submitted, you will receive an immediate confirmation. If you do not receive this confirmation, then there is an error. 
Licensee Certification* I hereby certify that the licensee named above is (Check applicable):

A. Subject to and in compliance with the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and related privacy, security and breach notification regulations pursuant to 45 C.F.R., Parts 160 and 164 and the federal Health Information Technology for Economic and Clinical Health Act, Public Law 111-5; and maintains a program for information security and breach notification that treats all information relating to consumers in the State of Maine in the same manner as protected health information.

B. An insurance producer business entity licensed pursuant to 24-A M.R.S. § 1420-E; is owned by a depository institution that maintains an information security program in compliance with the standards for safeguarding customer information as set forth pursuant to the federal Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801 and 6805; and upon the Superintendent’s request will produce information that independently validates the controlling depository institution’s adoption of an information security program that satisfies the standards for safeguarding customer information.

 

I further certify that:

  • the Licensee has authorized me to execute this certification,
  • I have read and understand the statements in this certification, and
  • these statements are true and complete to the best of my knowledge and belief.
Job Title*

 

If your report has been successfully submitted, you will receive an immediate confirmation. If you do not receive this confirmation, then there is an error. Please make sure all Required* fields are complete.