Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Pennsylvania · Title 40 — INSURANCE · Chapter 45

§ 4532. Exemptions.

291 words·~1 min read·/pa/title-40/chapter-45/4532

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

§ 4532. Exemptions.
(a)Licensee criteria.-- A licensee meeting any of the following criteria shall be exempt from sections 4512 (relating to risk assessment), 4513 (relating to information security program), 4514 (relating to corporate oversight), 4515 (relating to oversight of third-party service provider arrangements) and 4516 (relating to certification):
(1)The licensee has fewer than 10 employees.
(2)The licensee has less than $5,000,000 in gross revenue.
(3)The licensee has less than $10,000,000 in year-end total assets.
(b)Federal law.-- A licensee that is subject to and governed by the privacy, security and breach notification rules issued by the United States Department of Health and Human Services under 45 CFR Pts. 160 (relating to general administrative requirements) and 164 (relating to security and privacy), established in accordance with the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191, 110 Stat. 1936) and the Health Information Technology for Economic and Clinical Health Act (Public Law 111-5, 123 Stat. 226-279 and 467-496), and which maintains nonpublic information in the same manner as protected health information shall be deemed to comply with the requirements of this chapter except for the notification requirements of section 4518(a),
(b)and
(c)(relating to notification of cybersecurity event).
(c)Employees, agents, representatives and designees.-- An employee, agent, representative or designee of a licensee, who is also a licensee, shall be exempt from sections 4512, 4513, 4514, 4515 and 4516 and need not develop its own information security program to the extent that the employee, agent, representative or designee is covered by the information security program of the other licensee.
(d)Compliance.-- If a licensee ceases to qualify for an exemption under this section, the licensee shall have 180 days to comply with this chapter.
40c4533s
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.