KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to Maine

LD378 • 2025

An Act to Clarify That Health Insurers Must Comply with Plan Sponsors' Statutory Rights to Audit Claims and Data Requests Related to Those Audits

An Act to Clarify That Health Insurers Must Comply with Plan Sponsors' Statutory Rights to Audit Claims and Data Requests Related to Those Audits

Enacted

This bill passed the Legislature and reached final enactment based on the latest official action.

Sponsor
Senator Donna Bailey
Last action
2026-04-13
Official status
Signed by the Governor (Emergency Measure)
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

An Act to Clarify That Health Insurers Must Comply with Plan Sponsors' Statutory Rights to Audit Claims and Data Requests Related to Those Audits

An Act to Clarify That Health Insurers Must Comply with Plan Sponsors' Statutory Rights to Audit Claims and Data Requests Related to Those Audits Sponsor: Senator Donna Bailey Reference committee: Health Coverage, Insurance and Financial Services Governor action: Signed by the Governor (Emergency Measure)

What This Bill Does

  • An Act to Clarify That Health Insurers Must Comply with Plan Sponsors' Statutory Rights to Audit Claims and Data Requests Related to Those Audits Sponsor: Senator Donna Bailey Reference committee: Health Coverage, Insurance and Financial Services Governor action: Signed by the Governor (Emergency Measure)

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Amendments

These notes stay tied to the official amendment files and metadata from the legislature.

Adopted by House & Senate

Plain English: Page 1 - 132LR0726(02) COMMITTEE AMENDMENT 1 L.D.

  • Page 1 - 132LR0726(02) COMMITTEE AMENDMENT 1 L.D.
  • 378 2 Date: (Filing No.
  • S- ) 3HEALTH COVERAGE, INSURANCE AND FINANCIAL SERVICES 4 Reproduced and distributed under the direction of the Secretary of the Senate.
  • 5STATE OF MAINE 6SENATE 7132ND LEGISLATURE 8SECOND REGULAR SESSION 9 COMMITTEE AMENDMENT “ ” to S.P.

Bill History

  1. 2026-04-13 Governor

    Signed by the Governor (Emergency Measure)

  2. 2026-04-07 House

    This being an emergency measure, a two-thirds vote of all the members elected to the House was necessary. PASSED TO BE ENACTED . Sent for concurrence. ORDERED SENT FORTHWITH.

  3. 2026-04-07 Senate

    PASSED TO BE ENACTED - Emergency - 2/3 Elected Required, in concurrence.

  4. 2026-04-02 Committee

    Reported Out; OTP-AM

  5. 2026-03-18 Committee

    Work Session Held

  6. 2026-03-18 Committee

    Voted; OTP-AM

  7. 2025-05-19 Committee

    Carry Over Approved

  8. 2025-05-16 Committee

    Carry Over Requested

  9. 2025-05-15 Committee

    Work Session Held; TABLED

  10. 2025-02-04 Committee

    Referred to Committee on Health Coverage, Insurance and Financial Services.

Official Summary Text

An Act to Clarify That Health Insurers Must Comply with Plan Sponsors' Statutory Rights to Audit Claims and Data Requests Related to Those Audits
Sponsor:
Senator Donna Bailey
Reference committee:
Health Coverage, Insurance and Financial Services
Governor action:
Signed by the Governor (Emergency Measure)

Current Bill Text

Read the full stored bill text 
Page 1 - 132LR0726(03)
STATE OF MAINE
_____
IN THE YEAR OF OUR LORD
TWO THOUSAND TWENTY-SIX
_____
S.P. 135 - L.D. 378
An Act to Clarify That Health Insurers Must Comply with Plan Sponsors'
Statutory Rights to Audit Claims and Data Requests Related to Those Audits
Emergency preamble. Whereas, acts and resolves of the Legislature do not
become effective until 90 days after adjournment unless enacted as emergencies; and
Whereas, current law requires 3rd-party administrators of health plans to grant plan
sponsors certain audit rights and to provide the requisite medical and pharmacy data to
conduct those audits; and
Whereas, this legislation clarifies that law to ensure that health insurers administering
health plans on behalf of plan sponsors are considered administrators and must comply
with a plan sponsor's statutory right to audit claims and data requests related to those audits;
and
Whereas, this legislation needs to take effect without delay so that plan sponsors can
include these audit rights in contracts with administrators that are being renewed, amended
or entered into prior to the 2027 plan year; and
Whereas, in the judgment of the Legislature, these facts create an emergency within
the meaning of the Constitution of Maine and require the following legislation as
immediately necessary for the preservation of the public peace, health and safety; now,
therefore,
Be it enacted by the People of the State of Maine as follows:
Sec. 1. 24-A MRSA §1914, sub-§2, as enacted by PL 2025, c. 487, §1, is amended
to read:
2. Claims data; right to audit. An administrator that contracts with a plan sponsor
to provide health coverage shall permit a plan sponsor to perform a post-payment audit of
all claims paid to ensure compliance with the contract at least once in a calendar year as
long as the request is not earlier than 6 months following a previously requested audit.
Upon request of a plan sponsor as part of an audit, an administrator shall disclose within
30 business days to a plan sponsor that has certified its compliance with the use and
disclosure requirements of 45 Code of Federal Regulations, Section 164.504(f) or, to the
extent permitted by law and if requested by the plan sponsor, to the plan sponsor's plan's
APPROVED
APRIL 13, 2026
BY GOVERNOR
CHAPTER
652
PUBLIC LAW
Page 2 - 132LR0726(03)
designated business associate the following information specific to the plan sponsor
sponsor's plans:
A. Claims data received by the administrator via electronic claims transactions on any
current standardized claim form approved by the Federal Government for professional
services or institutional services. The form or transaction may be modified only as
necessary to comply with the federal Health Insurance Portability and Accountability
Act of 1996, Public Law 104-191;
B. Claims payments, electronic funds transfers or remittance advice notices provided
by the administrator as electronic files compliant with the federal Health Insurance
Portability and Accountability Act of 1996, Public Law 104-191, including, but not
limited to, electronic claims transactions for both the billed amount and the paid
amount for professional services and both the billed amount and the paid amount for
institutional services. The files may be modified only as necessary to comply with the
federal Health Insurance Portability and Accountability Act of 1996, Public Law
104‑191, and the federal Health Information Technology for Economic and Clinical
Health Act of 2009, Title XIII, Subtitle D, Public Law 111-5, and any regulations
promulgated under those laws;
C. Any fees charged to the plan sponsor related to plan administration and claims
processing, including renegotiation fees, access fees, repricing fees or enhanced review
fees; and
D. Any out-of-network fees or out-of-network negotiated discounts, aligned incentive
program fees, pay-for-performance payments and recoveries, cost-containment
program fees, overpayment recovery program fees, subrogation fees and any other
special program fees and discounts.
Sec. 2. 24-A MRSA §1914, sub-§4, as enacted by PL 2025, c. 487, §1, is amended
to read:
4. Nondisclosure and data use agreement. An administrator may require that the
plan sponsor and the plan sponsor's designated business associate execute a nondisclosure
and data use agreement that protects the confidentiality of the administrator's trade secrets,
proprietary information or information otherwise confidential by law, rule or regulation
before data is provided in accordance with this section and that reasonably restricts the
auditor's use of such data provided by the administrator to the sole purpose of conducting
an audit on behalf of a plan sponsor. The coverage limits of any cybersecurity insurance or
liability insurance policy required under the nondisclosure and data use agreement may not
exceed the administrator's limit of liability under the services agreement between the plan
sponsor and the administrator, if such limit applies. Except for the coverage limits of any
cybersecurity insurance or liability insurance policy, this subsection is not intended to limit
the inclusion in a nondisclosure and data use agreement of reasonable requirements
regarding notice, indemnification or liability for the unauthorized disclosure or security
breach of data in the possession of the plan sponsor or its designated business associate
pursuant to this section. In addition, an administrator is not required to provide data to an
auditor selected by a plan sponsor if the auditor has previously breached a nondisclosure
and data use agreement with that administrator or refuses to execute a nondisclosure and
data use agreement.
Sec. 3. 24-A MRSA §1914, sub-§4-A is enacted to read:
Page 3 - 132LR0726(03)
4-A. Liability for disclosure of protected information. A plan sponsor or a plan
sponsor's designated business associate who receives information from an administrator
pursuant to this section shall notify the administrator of any unauthorized disclosure or
security breach of the following information in the possession of the plan sponsor or its
designated business associate immediately upon discovery of the unauthorized disclosure
or security breach of:
A. Personal information as defined in Title 10, section 1347, subsection 6;
B. Protected health information in violation of any applicable requirements of the
federal Health Insurance Portability and Accountability Act of 1996, Public Law
104-191, and any regulations promulgated under that law;
C. Electronic protected health information as defined in the federal Health Information
Technology for Economic and Clinical Health Act of 2009, Title XIII, Subtitle D,
Public Law 111-5, and any regulations promulgated under that law; or
D. Nonpublic information as defined in section 2263, subsection 10.
Sec. 4. 24-A MRSA §1914, sub-§5-A is enacted to read:
5-A. Certain persons acting as administrators included. Notwithstanding section
1901, subsection 1, paragraphs D and E, for the purposes of this section, an administrator
subject to the requirements of this section includes any person who, on behalf of a plan
sponsor, receives or collects charges, contributions or premiums for or adjusts or settles
claims on residents of this State in connection with any type of health benefit.
Sec. 5. 24-A MRSA §4347, sub-§1-A is enacted to read:
1-A. Administrator. "Administrator" includes, notwithstanding section 1901,
subsection 1, paragraphs D and E, any person who, on behalf of a plan sponsor, receives or
collects charges, contributions or premiums for or adjusts or settles claims on residents of
this State in connection with any type of health benefit.
Sec. 6. 24-A MRSA §4347, sub-§18-A, as enacted by PL 2025, c. 487, §2, is
amended to read:
18-A. Plan sponsor. "Plan sponsor" has the same meaning as in section 1901,
subsection 8, except that "plan sponsor" does not include an employer a person that offers
or provides a health plan benefit that is fully insured by an insurer authorized to do transact
insurance business in this State.
Sec. 7. 24-A MRSA §4349-B, sub-§2, as enacted by PL 2025, c. 487, §3 and
reallocated by RR 2025, c. 1, Pt. A, §34, is amended to read:
2. Claims data; right to audit. Notwithstanding section 4350‑C, a pharmacy benefits
manager that contracts with a plan sponsor to provide prescription drug coverage shall
permit a plan sponsor to perform a post-payment audit of claims paid to ensure compliance
with the contract at least once in a calendar year as long as the request is not earlier than 6
months following a previously requested audit. Upon request of a plan sponsor as part of
an audit, a pharmacy benefits manager shall disclose within 30 business days to a plan
sponsor who has certified its compliance with the use and disclosure requirements of 45
Code of Federal Regulations, Section 164.504(f), or, to the extent permitted by law and if
Page 4 - 132LR0726(03)
requested by the plan sponsor, to the plan sponsor's plan's designated business associate the
following information specific to the plan sponsor sponsor's plans:
A. Rebate amounts, identified by the drug and therapeutic category, secured on
prescription drugs provided by a pharmaceutical manufacturer that are generated by
claims processed through the plan maintained by the plan sponsor and administered by
the pharmacy benefits manager;
B. Prescription drug and device claims received by the pharmacy benefits manager via
electronic claims transactions on any current standardized claim form approved by the
Federal Government for these services. The form or transaction may be modified only
as necessary to comply with the federal Health Insurance Portability and
Accountability Act of 1996, Public Law 104-191, and the federal Health Information
Technology for Economic and Clinical Health Act of 2009, Title XIII, Subtitle D,
Public Law 111‑5, and any regulations promulgated under those laws;
C. Prescription drug and device claims payments, electronic funds transfers or
remittance advice notices provided by the pharmacy benefits manager as electronic
files. The files may be modified only as necessary to comply with the federal Health
Insurance Portability and Accountability Act of 1996, Public Law 104-191, and the
federal Health Information Technology for Economic and Clinical Health Act of 2009,
Title XIII, Subtitle D, Public Law 111-5, and any regulations promulgated under those
laws; and
D. Any other revenue and fees derived by the pharmacy benefits manager from the
contract, including all direct or indirect remuneration from pharmaceutical
manufacturers regardless of whether the remuneration is classified as a rebate, fee or
other classification.
Sec. 8. 24-A MRSA §4349-B, sub-§4, as enacted by PL 2025, c. 487, §3 and
reallocated by RR 2025, c. 1, Pt. A, §34, is amended to read:
4. Nondisclosure and data use agreement. A pharmacy benefits manager may
require that the plan sponsor and the plan sponsor's designated business associate execute
a nondisclosure and data use agreement that protects the confidentiality of the pharmacy
benefits manager's trade secrets, proprietary information or information otherwise
confidential by law, rule or regulation before data is provided in accordance with this
section and that reasonably restricts the auditor's use of such data provided by the pharmacy
benefits manager to the sole purpose of conducting an audit on behalf of a plan sponsor.
The coverage limits of any cybersecurity insurance or liability insurance policy required
under the nondisclosure and data use agreement may not exceed the pharmacy benefits
manager's limit of liability under the services agreement between the plan sponsor and the
pharmacy benefits manager, if such limit applies. Except for the coverage limits of any
cybersecurity insurance or liability insurance policy, this subsection is not intended to limit
the inclusion in a nondisclosure and data use agreement of reasonable requirements
regarding notice, indemnification or liability for the unauthorized disclosure or security
breach of data in the possession of the plan sponsor or its designated business associate
pursuant to this section. In addition, a pharmacy benefits manager is not required to provide
data to an auditor selected by a plan sponsor if the auditor has previously breached a
nondisclosure and data use agreement with that pharmacy benefits manager or refuses to
execute a nondisclosure and data use agreement.
Page 5 - 132LR0726(03)
Sec. 9. 24-A MRSA §4349-B, sub-§4-A is enacted to read:
4-A. Liability for disclosure of protected information. A plan sponsor or a plan
sponsor's designated business associate who receives information from a pharmacy benefits
manager pursuant to this section shall notify the pharmacy benefits manager of any
unauthorized disclosure or security breach of the following information in the possession
of the plan sponsor or its designated business associate immediately upon discovery of the
unauthorized disclosure or security breach of:
A. Personal information as defined in Title 10, section 1347, subsection 6;
B. Protected health information in violation of any applicable requirements of the
federal Health Insurance Portability and Accountability Act of 1996, Public Law
104-191, and any regulations promulgated under that law;
C. Electronic protected health information as defined in the federal Health Information
Technology for Economic and Clinical Health Act of 2009, Title XIII, Subtitle D,
Public Law 111-5, and any regulations promulgated under that law; or
D. Nonpublic information as defined in section 2263, subsection 10.
Sec. 10. Effective date. This Act takes effect July 1, 2026.
Emergency clause. In view of the emergency cited in the preamble, this legislation
takes effect when approved.