Insurance Data Security Act Maine Domestic Carrier Compliance Certification

The Maine Insurance Data Security Act, 24-A M.R.S. §§ 2261 – 2272, requires each Maine domestic insurance carrier to certify its compliance with the Act’s § 2264 information security program requirements.  Carriers may certify their compliance under § 2264(9) or, if they are subject to and compliant with HIPAA/HITECH, under § 2269(2)(A).  IDSA defines the following entities to be insurance carriers: 

  • entities that must be licensed in order to assume risk, such as insurers, nonprofit hospitals, medical or health care service organizations, health maintenance organizations, and multiple employer welfare arrangements;

  • self-funded health plans under § 2848-A;

  • preferred provider arrangement administrators under § 2671; and

  • third-party administrators under § 1901, providing services for non-carrier entities.

This certification is due by April 15 each year. 

If you are not one of the types of entities described above, or if Maine is not your state of domicile, do not use this form.

*Required - Required fields have an asterisk beside the field name. You will not be able to submit your form until all required fields are completed. When your report has been successfully submitted, you will receive an immediate confirmation. If you do not receive this confirmation, then there is an error. 

Licensee Certification*
I hereby certify that the licensee named above is (Check applicable box):

  • An insurance carrier duly organized under the laws of the State of Maine and is in compliance with the requirements of the Information Security Program set forth in 24-A M.R.S. § 2264; will maintain for examination by the Superintendent all records, schedules and data supporting this certification for a period of 5 years from the date submitted; and, to the extent the carrier has identified areas, systems, or processes requiring material improvement, updating, or redesign, will document the identification and the remedial efforts planned and underway to address those areas, systems or processes. The Licensee will make this documentation available for the Superintendent’s inspection upon request. This certification is submitted on behalf of these Maine domestic carriers in the same holding company system.
  • An insurance carrier duly organized under the laws of the State of Maine and is subject to and in compliance with the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and related privacy, security and breach notification regulations pursuant to 45 C.F.R., Parts 160 and 164 and the federal Health Information Technology for Economic and Clinical Health Act, Public Law 111-5; and maintains a program for information security and breach notification that treats all information relating to consumers in the State of Maine in the same manner as protected health information.

If you are submitting this certification on behalf of other Maine domestic carriers, please enter the names of those carriers here. If not, please enter N/A. 

I further certify that:

  • the Licensee has authorized me to execute this certification,
  • I have read and understand the statements in this certification, and
  • these statements are true and complete to the best of my knowledge and belief.

Please make sure all Required* fields are complete and that the email and email confirmation entries match.