(b) AS 21.23.240 — 21.23.399 do not apply to a licensee subject to the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191) if the licensee
- (1) has established and maintains an information security program under statutes, regulations, procedures, or guidelines established under the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191);
- (2) is in compliance with the statutes, regulations, procedures, and guidelines established under the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191); and
- (3) submits to the director a written statement certifying that the licensee is in compliance with the statutes, regulations, procedures, and guidelines established under the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191).