Health plans and clearinghouses are already subject to the privacy and security requirements of HIPAA, but under the Cybersecurity Bill of Rights adopted by a task force of the National Association of Insurance Commissioners (NAIC) on October 14, all insurance companies and agents and their contractors would be subject to expanded cybersecurity requirements similar to those in HIPAA. NAIC President Monica Lindeen said in a statement, Cybersecurity is one of the biggest challenges facing businesses today and this is one of our associations key priorities.
Insurance industry participants have raised concerns that the Bill of Rights suggests requirements that go beyond what is currently required in many states. Such concerns will be continue to be raised as the Bill of Rights goes through the NAIC approval process to be included in model laws for adoption by states. Until a model law is adopted by a state, the Bill of Rights will have no force of law and the various interested parties, such as insurance companies, agents and their businesses, will be able to play a role in that adoption process.