What Rules Govern The Electronic Storage of Insurance Records?

In keeping with the theme of last week’s blog post, I thought it would be a good idea to inform my readers of the requirements that govern the electronic storage of insurance records.  The electronic storage of such records, combined with the ability to quickly search such records on an agency’s management system, can result in increased efficiency within an agency’s office, and when access to that system from outside the office is possible, can provide significant additional benefits to its producers and other employees who frequently work outside the office.  By creating this capability, an agency will have achieved the MoClo of SoMoClo.

The requirements for the electronic storage of records are found in Georgia’s Uniform Electronic Transactions Act (the “Act”), which applies to all transactions that occurred on and after July 1, 2009 and any electronic records first created on or after that date.   The provisions of this Act are explored in some detail in an article I wrote regarding what must be done in order for an insurance policy to be delivered electronically.  (If a bill that is currently pending in the Georgia legislature is enacted into law, the reservations expressed in that article about the ability to deliver an insurance policy electronically will have been resolved.)  If the requirements of the Act are not followed, then an electronic record will have no legal validity and any requirement that record be kept will not have been satisfied.

All Georgia insurance agents are required to keep certain records regarding each insurance transaction in which they are involved for a period of at least five years after the transaction is completed or the term of any contract (i.e., the policy) involved in that transaction expires, whichever is longer.  In addition, for E&O exposure purposes, agencies and agents should be keeping these and other records for a minimum of six years after the expiration of the insurance policy in question.  (Click here for an article that discusses these subjects in detail.)

The Act permits the electronic retention of any record required by law to be retained if the electronic record “(1) accurately reflects the information set forth in the record after it was first generated in its final form as an electronic record or otherwise; and (2) remains accessible for the retention period required by law.”  In this situation, “remains accessible” means that you are able to create a hard copy from the electronic record that is identical to the original hard copy document at all times during the required time period.  This would include any signatures on the original document.  The Act permits the Georgia Insurance Commissioner to adopt regulations that impose additional requirements on the electronic storage of records subject to his jurisdiction, but to date, no such regulations have been adopted.

Given the length of the above  time periods and the fast changing nature of the electronic storage of documents (it was not that long ago that were using floppy disks for this purpose), agencies and agents should make sure that the storage process used will allow the documents to be “readily accessible” for those time periods.  The Act permits the use of third party services (e.g., in “the cloud”) to electronically store documents.  However, if an agency or agent intends to store their records “in the cloud” and thereby, fully embrace MoClo, there are security considerations that will need to be addressed in order to satisfy the responsibility to keep confidential personally identifiable information of an agency’s or agent’s customers.