Yes, Virginia, There is an “Insurance Compliance Self-Evaluative Privilege”

In 1897, 8-year-old Virginia O’Hanlon sent a letter to the editor of the New York Sun newspaper asking if Santa Claus existed.  The paper’s editor, Francis Pharcellus Church, responded in an Virginniaeditorial declaring “Yes, Virginia, there is a Santa Claus.”  You may read about this story on the Newseum’s website, accessible here.

While no one has asked a newspaper (or me) whether there is an Insurance Compliance Self-Evaluative Privilege, I am certain the legal public has this question on its collective mind.  So, I will end everyone’s anxiety by stating, yes, Virginia, there is an Insurance Compliance Self-Evaluative Privilege, but only in certain states.

Model Act

In 1988, the National Conference of Insurance Legislators (NCOIL) adopted a model act titled Insurance Compliance Self-Evaluative Privilege Model Act, which you can access here. The purpose of this act is to encourage insurance companies conducting activities regulated by a state insurance agency to conduct voluntary internal audits of their compliance with state and federal regulations.

The Privilege

To further this purpose, the act creates an evidentiary privilege that protects from discovery an “insurance compliance self-evaluative audit document,” which the act broadly defines as documents prepared as a result of or in connection with an insurance compliance audit.  The privilege specifically covers an audit report prepared by an auditor, memoranda analyzing all or portions of the insurance-compliance audit, discussions of implementation issues, and implementation plans that address correcting past non-compliance or preventing future non-compliance.

The privilege also precludes the examination in any civil, criminal, or administrative proceeding an insurance company’s employee or consultant hired for the purpose of conducting an insurance-compliance audit.


The privilege does not protect documents, communications, data, reports, and other information that an insurance agency expressly requires the insurance company to collect, develop, or maintain. There are two exceptions to the privilege: when asserted for a fraudulent purpose or the self-audit contains evidence relevant to the commission of a criminal offense.

Selective Waiver

The model act includes a selective-waiver provision that permits the insurance company to voluntarily disclose self-audits without fear that the disclosure will constitute privilege waiver in subsequent state litigation.   And to the extent that a state insurance agency has authority to compel a self-audit, this disclosure likewise does not operate as a privilege waiver in subsequent litigation.

An unanswered yet significant issue, however, is whether federal courts would adhere to the state-law selective waiver provision or rule that disclosure to a state insurance agency amounts to privilege waiver.  Fed. R. Evid. 502(a) is of no help because it applies only to disclosures to federal agencies.

Where Does the Privilege Apply?

Several legislatures have adopted, in some form, the Insurance Compliance Self-Evaluative Privilege, including Arizona, District of Columbia, GeorgiaHawaii, Illinois, Kansas, Michigan, New Jersey, North Dakota, Oklahoma, and Oregon.  The Washington Legal Foundation issued an advocacy piece, which you may access here, that outlines benefits of the privilege in today’s regulatory environment.

Is this privilege on your state legislature’s radar?

Selective Waiver Doctrine Rejected in FCA Case: K–Mart Must Disclose Work Product Data to Relator

In a case that should teach us all a lesson, the USDC for the S.D. of Illinois ruled that K–Mart waived its work product protections over attorney-created data when it disclosed the data to HHS investigators. The Court rejected K–Mart’s selective waiver argument and compelled it to produce the data in a False Claim Act civil action. United States v. Kmart Corp., 2014 WL 2218758 (S.D. Ill. May 29, 2014).Cooperation and privilege You may read the opinion here.

Risky Decision?

In 2009, the OIG for the Dep’t of Health and Human Services conducted an investigation into K–Mart’s alleged improper Medicare claims. In response to an OIG subpoena, K–Mart produced a substantial amount of documents culled from 25 custodians, and its legal team also created and produced a subset of transaction data in a simpler format.  K-Mart and HHS entered into a confidentiality agreement prior to the production, but the agreement did not specifically address attorney–client privilege or work-product concerns.

In the False Claim Act action, K–Mart produced the custodial documents, but refused to produce the subset of data on grounds that the work-product doctrine protected this attorney-created subset from production.

Selective Waiver?                                                 

K–Mart urged the Court to apply the selective waiver doctrine, arguing that it encourages corporations to cooperate with government investigators. While finding cooperation laudable, the Court “most pointedly” reminded K–Mart that “the attorney client privilege and work product doctrines do not exist to foster full and frank conversation with the government.”

The Court noted that the majority of federal circuits reject the selective waiver doctrine, and found that K–Mart should have known that producing the attorney-created data to the government waived any work-product protections. In fairly strong language, the Court said that “it is incumbent upon attorneys anticipating or involved in litigation to take appropriate steps to closely guard confidential information” and that “K–Mart should not be permitted to ‘pick and choose’ to which adversary it waives work product protection and which adversary does not.”

The Court commented that “disclosure of protected attorney work product is a strategic litigation decision” and found that K–Mart made a strategic calculation that the benefit of appearing cooperative with a government investigation outweighed the risk of waiver.

Would a Confidentiality Agreement Work?

The Court noted one federal-court decision, Lawrence E. Jaffee Pension Plan v. Household Int’l, Inc., 244 FRD 412 (N.D. Ill. 2006), held that the defendant did not waive work-product protections upon disclosure to the SEC because it had a confidentiality agreement with the SEC stating that disclosure did not waive the privilege and work-product protections.

But the K–mart case is different. While K–Mart secured a confidentiality agreement with HHS, it did not mention privilege or work-product protections. And the Court indicated that, even if the agreement mentioned those protections, the agreement would not affect its decision.

PoP Analysis

This case illustrates the peril companies under investigation face when responding to government subpoenas or document requests. While some federal statutes provide selective waiver protections in financial services investigations, the majority view under federal common law is that there is no selective waiver doctrine—disclosure of documents to an investigative body waives the privilege in existing or subsequent civil actions. And while it is certainly better to have a confidentiality agreement with the government agency, those agreements may not withstand the waiver tide.

Privilege Protection and the CFPB—Part III 2


The Dodd–Frank Act established the Bureau of Consumer Financial Protection (CFPB) to regulate certain financial institutions and related entities subject to various consumer financial-protection laws.  The CFPB takes the position that its broad oversight and enforcement authority includes the authority to require supervised institutions to disclose privileged information.  In July 2012, the CFPB issued a rule purportedly anointing selective waiver protection for privileged information that it compelled from supervised institutions.  And in December 2012, Congress expanded USDCDCthe banking selective waiver statute to include the CFPB.

But questions remain. Does the CFPB have authority to compel privileged information? Do the federal selective waiver provisions provide total protection? Will these issues promote or reduce supervised institutions desire to engage in frank and candid legal discussions? Will these issues ever receive a court resolution?

PoP examines these issues in a three-part blog post.  Part I, accessible here, addresses whether the CFPB actually has authority to compel privileged information.  Part II, accessible here, addresses the import of 2012 federal selective waiver regulations and statutes.  This final post, Part III, discusses a recently filed case, Pisinski v. CFPB, which may place these issues center stage for resolution.

Part III

It is questionable whether the CFPB, despite its assertions, has statutory authority to require supervised institutions to produce privileged information. The recently enacted selective waiver statute provides institutions with some comfort that disclosure of privileged information will not constitute privilege waiver.  The issue will likely remain open until a supervised institution actually challenges the CFPB’s authority to require privileged information. But a case challenging the constitutionality of the Dodd–Frank Act provision creating the CFPB may offer an avenue through which a court addresses the issue.

While the Dodd–Frank Act provides the CFPB with broad authority, there is an exclusion for the practice of law.  Section 1027(e) of the Act provides that the CFPB may not exercise any supervisory or enforcement authority with respect to an activity engaged in by an attorney as part of the practice of law under the laws of a state.  The plaintiffs in Pisinski v. CFPB, filed in the U.S.D.C. for the District of Columbia, seek to declare the CFPB unconstitutional, but alternatively seeks a declaration that demanding privileged information violates the 10th Amendment and Section 1027(e).  The complaint is accessible here.

Pisinski is a Connecticut solo practitioner who represents low-income debtors in bankruptcy matters.  She outsources her paralegal and support staff to Morgan Drexen.  As part of her practice, Pisinski, sometimes using staff contracted from Morgan Drexen, seeks to negotiate her clients’ debts to avoid filing bankruptcy.

The CFPB issued a Civil Investigative Demand to Morgan Drexen seeking information about its relationship with attorneys, like Pisinski, that provide settlement services ancillary to their legal representation.  The request for information demanded that Morgan Drexen produce, in part, privileged information between Pisinski and her clients.

The Pisinski complaint does not directly seek a ruling that the CFPB has no authority to require production of privileged information.  Nor does it directly challenge the selective waiver statutes (12 USC §§1821(t)(2) & 1828(x)) enacted in 2012.  But the allegations challenging the CFPB’s ability to wade into the practice of law—which is governed by state law—may bring these issues to the forefront.

Attorneys may not disclose privileged information without client consent.  And state ethical rules also impose broader confidentiality duties on attorneys that prohibit them from disclosing client information without consent.  Arguably, if the CFPB requires supervised institutions to produce privileged information, then it is operating in the practice-of-law area that Section 1027(e) prohibits and that the Pisinski suit claims the Tenth Amendment reserves to the states.

CFPB supervision and enforcement activities present important yet unresolved privilege issues.  May the CFPB require production? Are the selective waiver statutes adequate to protect against privilege waiver if a supervised institution discloses privileged information? Will a supervised institution ever challenge the CFPB’s authority?  Perhaps the Pisinski case provides an alternative avenue for raising and resolving this issue.  It is certainly a case worth following.