When conducting business with Ohio consumers all licensees must make safeguarding nonpublic information a top priority. The Ohio Department of Insurance has long required licensees follow reporting and mitigation procedures when data loss does occur (R.C. 3904.13, Bulletin 2009-12 - Loss of Control of Policyholder Information).

Recently enacted Ohio Revised Code, Chapter 3965 bolsters data loss reporting requirements and adds a requirement for some licensees to develop and maintain an information security program.

Guidance for Safeguarding Nonpublic Data

• Statement of Compliance with HIPAA Privacy & Security Rules Guidance Document
• Frequently Asked Questions
• HIPAA Compliance Statement
• Information Security Program Certification/Exemption
• Reporting a Loss of Nonpublic Information 

Questions can be emailed to INSINFOSEC@insurance.ohio.gov.
 
Sign up to receive email notifications when this webpage is updated with new information.
Click to subscribe