44-5805. Transaction records; requirements; access by director; ownership.

(1) Every third-party administrator shall maintain and make available to the insurer complete records of all transactions performed on behalf of the insurer. The records shall be maintained in accordance with prudent standards of insurance record keeping and shall be maintained for a period of not less than five years from the date of their creation. In the event the insurer and the third-party administrator cancel their written agreement, the third-party administrator may, by written agreement with the insurer, transfer all records to a new third-party administrator rather than retain them for five years. In such cases, the new third-party administrator shall acknowledge, in writing, that it is responsible for retaining the records of the prior third-party administrator as required in this subsection.

(2)(a) The director shall have access to records maintained by a third-party administrator for the purposes of examination, audit, and inspection. Any trade secrets contained in such records, including the identity and addresses of policyholders, contract holders, certificate holders, and subscribers, shall be kept confidential, except that the director may use such information in any proceeding instituted against the third-party administrator and as set forth in subdivisions (2)(b) and (c) of this section.

(b) Records relating to a third-party administrator maintained by the director may be provided to other state, federal, foreign, and international regulatory and law enforcement agencies and the National Association of Insurance Commissioners and its affiliates and subsidiaries if the recipient agrees in writing to maintain the confidentiality of the records.

(c) The director may receive records maintained by a third-party administrator from other state, federal, foreign, or international regulatory and law enforcement agencies and from the National Association of Insurance Commissioners and its affiliates and subsidiaries. The director shall maintain as confidential or privileged records received pursuant to this subdivision with notice or the understanding that they are confidential or privileged under the laws of the jurisdiction that is the source of the information. Such information shall not be a public record subject to disclosure by the director pursuant to sections 84-712 to 84-712.09, subject to subpoena, subject to discovery, or admissible in evidence in any private civil action, except that the director may use such information in any regulatory or legal action brought by the director. The director, and any other person while acting under the authority of the director who has received information pursuant to this subdivision, may not, and shall not be required to, testify in any private civil action concerning any information subject to this section. Nothing in this section shall constitute a waiver of any applicable privilege or claim of confidentiality in the information received pursuant to this subdivision as a result of information sharing authorized by this section.

(3) The insurer shall own the records generated by the third-party administrator pertaining to the insurer; however, the third-party administrator shall retain the right to continuing access to records to permit the third-party administrator to fulfill all of its contractual obligations to policyholders, contract holders, certificate holders, subscribers, claimants, and the insurer.

Source