431:2D-107 Confidentiality requirements.

HI Rev Stat § 431:2D-107 (2019) (N/A)
Copy with citation
Copy as parenthetical citation

§431:2D-107 Confidentiality requirements. (a) Except as otherwise provided by law, market conduct surveillance personnel shall have free and full access to all books and records, employees, officers, and directors, as practicable, of the insurer during regular business hours. An insurer using a third-party model or product for any of the activities under examination shall provide, upon the request of market conduct surveillance personnel, the details of those models or products to those personnel. All documents, whether from a third party or an insurer, including but not limited to working papers, third-party models or products, complaint logs, and copies thereof, created, produced, or obtained by or disclosed to the commissioner or any other person in the course of any market conduct actions made pursuant to this article, or in the course of market analysis by the commissioner of the market conditions of an insurer, or obtained by the National Association of Insurance Commissioners as a result of any of the provisions of this article, shall be confidential by law and privileged, shall not be subject to subpoena, and shall not be subject to discovery or admissible in evidence in any private civil action.

(b) No waiver of any applicable privilege or claim of confidentiality in the documents, materials, or information shall occur as a result of disclosure to the commissioner under this section.

(c) Market conduct surveillance personnel shall be vested with the power to issue subpoenas and examine insurer personnel under oath when such action is ordered by the commissioner.

(d) Notwithstanding any other law to the contrary, the commissioner may:

(1) Share documents, materials, or other information, including confidential and privileged documents, materials, or information subject to subsection (a), with other state, federal, and international regulatory agencies, law enforcement authorities, and the National Association of Insurance Commissioners and its affiliates and subsidiaries; provided that the recipient agrees to and has the legal authority to maintain the confidentiality and privileged status of the documents, materials, communications, or other information;

(2) Receive documents, materials, communications, or information, including otherwise confidential and privileged documents, materials, or information, from the National Association of Insurance Commissioners and its affiliates or subsidiaries, and from regulatory and law enforcement officials of other foreign or domestic jurisdictions, and shall maintain as confidential or privileged any document, material, or information received with notice or the understanding that it is confidential or privileged under the laws of the jurisdiction that is the source of the document, material, or information; and

(3) Enter into agreements governing the sharing and use of information consistent with this subsection.

(e) No insurer shall be compelled to disclose an insurance compliance self-evaluative audit document or waive any statutory or common law privilege, but may voluntarily disclose such document to the commissioner in response to any market analysis, market conduct action, or examination as provided in this article.

(f) To encourage insurance companies and persons conducting activities regulated under this code, both to conduct voluntary internal audits of their compliance programs and management systems and to access and improve compliance with state and federal statutes, rules, and orders, an insurance compliance self-evaluative privilege is recognized to protect the confidentiality of communication relating to voluntary internal compliance with this State's insurance and other laws and that the public will benefit from incentives to identify and remedy insurance and other compliance problems. It is further declared that limited expansion of the protection against disclosure will encourage voluntary compliance and improve insurance market conduct quality and that the voluntary provisions of this section will not inhibit the exercise of the regulatory authority by those entrusted with protecting insurance consumers.

(g)(1) Except as provided in subsections (h) and (i), an insurance compliance self-evaluative audit is privileged information and is not discoverable or admissible as evidence in any legal action in any civil, criminal, or administrative proceeding. The privilege created herein is a matter of substantive law of this State and is not merely a procedural matter governing civil or criminal procedures in the courts of this State;

(2) If any company, person, or entity performs or directs the performance of an insurance compliance audit, an officer, employee, or agent involved with the insurance audit, or any consultant who is hired for the purpose of performing the insurance compliance audit may not be examined in any civil, criminal, or administrative proceeding as to the insurance compliance audit or any insurance compliance self-evaluative audit document, as defined in this section. This subsection does not apply if the privilege set forth in paragraph (1) is determined under subsection (h) or (i) not to apply;

(3) A company may voluntarily submit, in connection with examinations conducted under this article, an insurance compliance self-evaluative audit document to the commissioner or the commissioner's designee, as a confidential document under this section without waiving the privilege set forth in this section to which the company would otherwise be entitled; provided that the provisions in this section permitting the commissioner to make confidential documents public pursuant to this section and access to the National Association of Insurance Commissioners shall not apply to the insurance compliance self-evaluative audit document under other provisions of applicable law, any such report furnished to the commissioner shall not be provided to any other persons or entities and shall be accorded the same confidentiality and other protections as provided above for voluntarily submitted documents. Any use of an insurance compliance self-evaluative audit document shall be limited to determining whether or not any disclosed defects in an insurer's policies and procedures or inappropriate treatment of customers has been remedied or that an appropriate remedy is in place.

A company's insurance compliance self-evaluative audit document submitted to the commissioner shall remain subject to all applicable statutory or common law privileges including, but not limited to, the work product doctrine, attorney-client privilege, or the subsequent remedial measures exclusion.

Any compliance self-evaluative audit document so submitted and in the possession of the commissioner shall remain the property of the company and shall not be subject to any disclosure or production under chapter 92F;

(4) Disclosure of an insurance compliance self-evaluative audit document to a governmental agency, whether voluntary or pursuant to compulsion of law, shall not constitute a waiver of the privilege set forth in paragraph (1) with respect to any other persons or any other governmental agencies.

(h)(1) The privilege set forth in subsection (g) does not apply to the extent that it is expressly waived by the company that prepared or caused to be prepared the insurance compliance self-evaluative audit document;

(2) In a civil or administrative proceeding, a court of record, after an in camera review, may require disclosure of material for which the privilege set forth in subsection (g) is asserted, if the court determines one of the following:

(A) The privilege is asserted for a fraudulent purpose; or

(B) The material is not subject to the privilege;

(3) In a criminal proceeding, a court of record, after an in camera review, may require disclosure of material for which the privilege described in subsection (g) is asserted, if the court determines one of the following:

(A) The privilege is asserted for a fraudulent purpose;

(B) The material is not subject to the privilege; or

(C) The material contains evidence relevant to commission of a criminal offense under this code, and all three of the following factors are present:

(i) The commissioner or attorney general has a compelling need for the information; and

(ii) The information is not otherwise available; and

(iii) The commissioner or attorney general is unable to obtain the substantial equivalent of the information by any other means without incurring unreasonable cost and delay.

(i)(1) Within thirty days after the commissioner or attorney general serves on an insurer a written request by certified mail for disclosure of an insurance compliance self-evaluative audit document under this subsection, the company that prepared or caused the document to be prepared may file with the appropriate court a petition requesting an in camera hearing on whether the insurance compliance self-evaluative audit document or portions of the document are privileged or subject to disclosure. Failure by the company to file a petition waives the privilege for this request only;

(2) A company asserting the insurance compliance self-evaluative privilege in response to a request for disclosure under this subsection shall include in its request for an in camera hearing all of the information set forth in subsection (i)(5);

(3) Upon the filing of a petition under this subsection, the court shall issue an order scheduling, within forty-five days after the filing of the petition, an in camera hearing to determine whether the insurance compliance self-evaluative audit document or portions of the document are privileged under this section or subject to disclosure;

(4) The court, after an in camera review, may require disclosure of material for which the privilege in subsection (g) is asserted if the court determines, based upon its in camera review, that any one of the conditions set forth in subsection (h)(2)(A) and (B) is applicable as to a civil or administrative proceeding or that any one of the conditions set forth in subsection (h)(3)(A) through (C) is applicable as to a criminal proceeding. Upon making such a determination, the court may only compel the disclosure of those portions of an insurance compliance self-evaluative audit document relevant to issues in dispute in the underlying proceeding. Any compelled disclosure will not be considered to be a public document or be deemed to be a waiver of the privilege for any other civil, criminal, or administrative proceeding. A party unsuccessfully opposing disclosure may apply to the court for an appropriate order protecting the document from further disclosure;

(5) A company asserting the insurance compliance self-evaluative privilege in response to a request for disclosure under this subsection shall provide to the commissioner or attorney general, as the case may be, at the time of filing any objection to the disclosure, all of the following information:

(A) The date of the insurance compliance self-evaluative audit document;

(B) The identity of the entity conducting the audit;

(C) The general nature of the activities covered by the insurance compliance audit; or

(D) An identification of the portions of the insurance compliance self-evaluative audit document for which the privilege is being asserted.

(j)(1) A company asserting the insurance compliance self-evaluative privilege set forth in subsection (g) has the burden of demonstrating the applicability of the privilege. Once a company has established the applicability of the privilege, the party seeking disclosure under subsection (h)(2)(A) has the burden of proving that the privilege is asserted for a fraudulent purpose. The commissioner or attorney general seeking disclosure under subsection (h)(3) has the burden of proving the elements set forth in subsection (h)(3);

(2) The parties may at any time stipulate in proceedings under subsection (h) or (i) to entry of an order directing that specific information contained in an insurance compliance self-evaluative audit document is or is not subject to the privilege provided under subsection (g). Any such stipulation may be limited to the instant proceeding and, absent specific language to the contrary, shall not be applicable to any other proceeding.

(k) The privilege set forth in subsection (g) shall not extend to any of the following:

(1) Documents, communications, data, reports, or other information expressly required to be collected, developed, maintained, or reported to a regulatory agency pursuant to this code, or other federal or state law;

(2) Information obtained by observation or monitoring by any regulatory agency; or

(3) Information contained from a source independent of the insurance compliance audit.

(l) As used in this section:

"Insurance compliance audit" means a voluntary, internal evaluation, review, assessment, audit, or investigation for the purpose of identifying or preventing non-compliance with, or promoting compliance with laws, regulations, orders, or industry or professional standards, which is conducted by or on behalf of a company licensed or regulated under this code, or which involves an activity regulated under this code.

"Insurance compliance self-evaluative audit document" means documents prepared as a result of or in connection with an insurance compliance audit. An insurance compliance self-evaluative audit document may include, but is not limited to, as applicable, field notes and records of observations, findings, opinions, suggestions, conclusions, drafts, memoranda, drawings, photographs, exhibits, computer-generated or electronically recorded information, phone records, maps, charts, graphs, and surveys, provided this supporting information is collected or developed for the primary purpose and in the course of an insurance compliance audit. An insurance compliance self-evaluative audit document also includes, but is not limited to, any of the following:

(1) An insurance compliance audit report prepared by an auditor, who may be an employee of the company or an independent contractor, which may include the scope of the audit, the information gained in the audit, and conclusions and recommendations, with exhibits and appendices;

(2) Memoranda and documents analyzing portions or all of the insurance compliance audit report and discussing potential implementation issues;

(3) An implementation plan that addresses correcting past non-compliance, improving current compliance, and preventing future non-compliance; or

(4) Analytic data generated in the course of conducting the insurance compliance audit.

(m) The insurance compliance self-evaluative privilege created by this legislation shall apply to all litigation or administrative proceedings pending [on July 1, 2007].

(n) Nothing in this section nor the release of any self-evaluative audit document hereunder shall limit, waive, or abrogate the scope or nature of any statutory or common law privilege including, but not limited to, the work product doctrine, the attorney-client privilege, or the subsequent remedial measures exclusion. [L 2007, c 227, pt of §1; am L 2016, c 141, §2]