MIB is subject to a myriad of laws governing the use of consumer reports and addressing the privacy of individually identifiable information (information that is associated with individuals). In addition, MIB is deeply committed to providing its services to member life and health insurance companies in a manner that allows their full compliance with applicable laws protecting the privacy and security of consumer information. By providing our Checking Service, MIB is a "nationwide specialty consumer reporting agency" subject to the federal Fair Credit Reporting Act ("FCRA"). This classification signifies that MIB is a "consumer reporting agency" that issues "consumer reports" that are not credit reports. Since 1974, MIB has required all members to comply with its rules as they relate to the FCRA regardless if the member is a United States or Canadian domiciled insurance company. Because MIB's operations are regulated as a consumer reporting agency under FCRA, it provides both Canadian and U.S. consumers with the rights, protections and privileges available under FCRA without any differentiation based on residence, citizenship or other nexus. In short, MIB conducts its operations throughout North America with a consistently high degree of confidentiality and security.
Because MIB member companies are governed by the Gramm-Leach-Bliley Act ("GLBA"), the Health Insurance Portability and Accountability Act ("HIPAA") and numerous state privacy laws, including the NAIC Model Insurance Information and Privacy Act and the Massachusetts regulation entitled "Standards for the Protection of Personal Information of Residents of the Commonwealth," and Canadian members are governed by the Personal Information Protection and Electronic Documents Act ("PIPEDA") and equivalent provincial laws, MIB conducts its business in a manner that allows its members to comply with such laws.
Under HIPAA, MIB is a Business Associate of members engaged in the business of certain types of health insurance (Covered Entities) and, accordingly, MIB has certain privacy and security obligations and restrictions regarding Protected Health Information. Under the Health Information Technology for Economic and Clinical Health Act ("HITECH," effective Feb. 2010), MIB has implemented administrative, physical and technical safeguards that meet the requirements of the HIPAA Security Rule, as well as written policies and procedures that meet the requirements of both the Privacy Rule and the Security Rule.