Insurance Data Security Act Signed into Law

On Wednesday, July 31, 2019, Governor John C. Carney, Jr., signed House Bill 174 (“HB 174”) into law. Titled the Delaware Insurance Data Security Act, this law is based on an NAIC Model Act, which establishes a comprehensive regulatory framework requiring insurers licensed to do business in Delaware to implement information security programs, report instances of data breaches in a prescribed timely manner to the Commissioner and consumers, and empowers the Department of Insurance to investigate violations of the Act and levy penalties accordingly.

HB 174’s prime sponsors were Representative William Bush, Chair of the House Economic Development, Banking, Insurance & Commerce Committee, and Senator Trey Paradee, also of Dover, and Chair of the Senate Business, Banking & Insurance Committee. Additional sponsors include a bipartisan roster of Representative Krista Griffith, Chair of the House Telecommunication, Internet & Technology Committee, Senate Majority Leader Nicole Poore, Senators Brian Pettyjohn and David Sokola, and Representatives Paul Baumbach, Sherry Dorsey Walker, Timothy Dukes, Sean Matthews, Ray Seigfried, and Michael Smith.

Regarding Governor Carney’s signing of the bill into law, Delaware Insurance Commissioner Trinidad Navarro remarked on how the Act will enhance consumer protection in Delaware.

“When hardworking consumers entrust their personal information to their insurance companies, they have a reasonable expectation that their carriers will do everything they can to safeguard that information,” stated Navarro. “Over the past several years, we have seen time and again consumers’ information be compromised or stolen by hackers’ cyber threats to insurers. By codifying a regulatory standard that requires all insurance licensees in Delaware to implement information security programs and timely report data breaches to the Department and consumers, HB 174 enhances Delaware’s consumer protection measures to hold companies accountable and give consumers the peace of mind that they deserve. I thank Governor Carney and the General Assembly for recognizing the importance of this legislation and enacting it into law.”

Prior to the implementation of this law, there were no standards for insurance companies to follow regarding protection of consumers’ data, and notifying the Department. Historically, when an insurer determined that a data breach had occurred, notification to the Department of Insurance was delayed, sometimes by several months. Notably, this Act accomplishes the following:

  1. Requires insurance companies to implement information security programs and conduct risk assessments to try to prevent data breaches and compromising of consumers’ Nonpublic Information and personal data;
  2. Requires insurers to conduct thorough investigations to determine if a cybersecurity event or data breach may have occurred and whose data may have been compromised;
  3. Notify the Insurance Commissioner within three (3) business days of determining that a data breach or cybersecurity event has occurred;
  4. Mandates that insurers notify all impacted consumers within sixty (60) days of the determination that their data has or may have been compromised;
  5. Requires that insurers offer free credit monitoring services for one year to consumers impacted by breaches; and
  6. Endows the Commissioner with the power to investigate the affairs of any insurer to determine whether they have been engaged in any conduct in violation of this Act and take action accordingly.

“In our fast-paced, technology-driven society, we have to take the necessary steps to put strong consumer protections and data security in place. Data breaches are personal, comprising critical information and forcing an individual to rebuild their entire lives,” said Rep. William Bush, chief sponsor of HB 174. “Instituting a framework with safeguards to protect Delawareans from insurance data breaches is the right thing to do. This comprehensive legislation enhances consumers’ data privacy and protection, with the ultimate goal of giving them peace of mind and security.”

“Insurance companies hold some of the most sensitive information about our residents, but until now had no state-mandated rules to follow for protecting that data or reporting hacks to consumers,” said Sen. Trey Paradee, the bill’s prime Senate sponsor. “While we can’t stop every data breach, we can – and must – do more to ensure that insurance companies are taking steps to protect Delawareans’ private data and notify customers when their information is compromised. Delaware Insurance Commissioner Trinidad Navarro deserves a lot of credit for bringing this matter to our attention and working with us to get this legislation passed.”

Work on enhancing insurance data security began after the Anthem data breach in 2015, in which hackers compromised nearly 80 million individuals’ personal information. Since then, there have been 15 insurance data breaches with Delawareans impacted, the most recent one involving Dominion National, a dental insurance carrier. The number of Delawareans impacted during the breaches during that period of time ranged from one policyholder to over 95,000 policyholders.

HB 174 passed the House on June 13, 2019, with 40 ‘yes’ votes. The bill cleared its final hurdle on June 26, 2019, with the Delaware Senate voting unanimously in favor. Consumers and producers who have questions about the new law are encouraged to contact the Department of Insurance’s Consumer Services Division at (302) 674-7310 or by email.

 


Former Sussex County Doctor Indicted for Insurance Fraud

Dover, DE  – Dr. Jean Vertus Laine, 42, formerly of Peoples Wellness Center, 556 South DuPont Highway, Milford Delaware, was indicted on Monday, July 8th, 2019 by a Sussex County Grand Jury, following an investigation by the DOI Fraud Prevention Unit. The indictment alleges that between August and October of 2017,  Doctor Jean Laine fraudulently billed two insurance companies for treatments that were never performed, to include chiropractic manipulations and electronic stimulation. As of the time of this release, Dr. Laine has not been arrested.

###

The Delaware Department of Insurance protects Delawareans through regulation and education while providing oversight of the insurance industry to best serve the public.

Contact:        Vince Ryan

Sr. Advisor to the Commissioner

Vince.ryan@delaware.gov

Office: 302.674.7303


Health Insurance Rates Decrease 5.8%

July 1, 2019 

Dover, DE—Highmark Blue Cross Blue Shield of Delaware (Highmark BCBS) has submitted its required annual rate filing to the Delaware Department of Insurance. After years of substantial increases, Delaware’s Marketplace has stabilized and premiums have decreased. Highmark BCBS, the only insurer continuing to offer insurance coverage in Delaware’s individual market, has proposed a 5.8% decrease for 2020. The proposed 2020 rate decrease will affect over 20,000 Delawareans.

The decrease comes after last year’s 3% rate increase and the Department’s decision to silver load. By applying the rate increase to silver level plans only, a practice known as ‘silver-loading,’ Delaware’s Marketplace received more federal subsidies, helping to assist in stabilizing the market and lowering premiums.

Commissioner Trinidad Navarro stated, “The silver loading strategy is something my staff and I gave careful consideration to last year, in anticipation that it would result in rate stabilization or possibly a decrease.  While I am happy that we will see a decrease in the proposed rate, health insurance remains unaffordable for many Delawareans who do not qualify for premium subsidies. We are committed to reviewing the proposed rate decrease with the same careful analysis that we would give any rate proposal, whether it be an increase or decrease.  I expect to announce the approved rate later this summer.”

It is important to note, that the proposed rate decrease is unrelated to Delaware’s intended submission of a 1332 Waiver to establish a reinsurance program. If the application process is successful, the actuarial consultant’s projections are correct, and the State of Delaware secures adequate funding, the waiver program may decrease rates by an additional 20%.

                                                                                           ###

The Delaware Department of Insurance protects Delawareans through regulation and education while providing oversight of the insurance industry to best serve the public.

 

Contact:

Vince Ryan

Sr. Advisor to the Commissioner

Vince.ryan@delaware.gov

Office: 302-674-7303


Data Breach – 95,000 Delawareans Impacted

June 26, 2019

DOVER, DE – The Delaware Department of Insurance recently received notice of a data security breach suffered by Dominion National, an insurer and administrator of dental and vision benefits. On April 24, 2019, through its investigation of an internal alert, Dominion National discovered that servers containing enrollment data, demographic details, and personal information of consumers, plan producers, and healthcare providers may have been accessed by an unauthorized party. The investigation determined that the unauthorized access may have occurred as early as August 25, 2010. Dominion National advised the Department of Insurance that they responded immediately by cleaning the affected servers and initiating a comprehensive review of data stored on or potentially accessible from the servers.

Commissioner Trinidad Navarro stated, “Upon receiving notice of this breach, I asked that our market conduct division begin an investigation to learn all of the facts behind this incident.  The Department of Insurance will determine if appropriate safeguards were in place, and if private consumer information was handled properly.”

On June 17, 2019, the comprehensive review determined that the potentially compromised information might include the following data: names, addresses, dates of birth, email addresses, Social Security numbers, taxpayer identification number, bank account and routing numbers, member ID numbers, group numbers, and subscriber names of what amounts to 10% of Delaware’s population. This number reflects those who are current or former members of Dominion National or of insurance plans administered through Dominion National. It is important to note that some affected by the data breach may not have had a plan through Dominion National, but had a plan for which Dominion National was the third-party administrator.

According to Dominion National, there is “no evidence that any information was in fact accessed, acquired, or misused.” The company has implemented enhanced monitoring and alerting software and is providing 2 years of free credit monitoring and fraud protection services for all individuals potentially impacted by the incident. Dominion National has posted a security notice online at dominionnationalfacts.com. Additional help and information can be obtained from the company’s dedicated incident response line at 877-503-8923.  TTY/TDD users can call 844-261-6819. The dedicated incident response line is open Monday through Friday, 8 a.m. to 8 p.m.

###

The Delaware Department of Insurance protects Delawareans through regulation and education while providing oversight of the insurance industry to best serve the public.

 

Contact:

Vince Ryan

Sr. Advisor to the Commissioner

Vince.ryan@delaware.gov

Office: 302-674-7303

Mobile: 302-387-7670


Sussex County Woman Arrested for Insurance Fraud

 Sussex County Woman Arrested for Insurance Fraud

June 14, 2019

DOVER, DE – Arlene Belfield, 51, of Lincoln DE, was arrested on Thursday, June 13th, 2019 by Capital Police, following an investigation by the Delaware Department of Insurance Fraud Prevention Bureau.

The charges allege that in November, 2017, Arlene Belfield, pretending to be her terminally ill mother, contacted AAA Insurance by phone to obtain a $50,000 Life Insurance policy with the intent to defraud. To facilitate this fraud, the charges allege that Arlene Belfield used her mother’s personal identifying information without her consent. Arlene Belfield attempted to collect on the policy two days after her mother’s death, with the sole beneficiary of the policy being Arlene Belfield. Upon review, AAA Insurance suspected that an imposter submitted the application. It is further alleged that Arlene Belfield knew that her mother’s death was imminent when she submitted the application to the insurance company.  Belfield was charged with insurance fraud, identity theft, forgery 2nd degree and crime against a vulnerable adult.  She was arraigned in Superior Court and released on her own recognizance.

If you know of insurance fraud taking place, report it to the Delaware Department of Insurance at 302-674-7350, or email fraud@delaware.gov.

  ###

Contact: Vince Ryan

Office: (302) 674-7303

Email: vince.ryan@delaware.gov

 

                                                         

 

Delaware Department of Insurance