Govern · Insurance AI Governance
Can an insurance agency or TPA use AI with claims and policyholder data?
June 2026 · Jason Lee
Yes. Nothing in insurance regulation prohibits using large language models with policyholder information. What the regime punishes is the current default: CSRs and adjusters pasting claim details into personal AI accounts, outside every carrier agreement and data-security obligation the firm has signed.
Insurance is quietly one of the most layered environments for this question, because an agency or TPA answers to three masters at once: state regulators, the carriers whose paper it writes or administers, and its own E&O exposure. The architecture has to satisfy all three. Here is what it looks like.
What you actually answer to
- State insurance data-security laws. Most states have adopted data-security requirements for licensees modeled on the NAIC’s framework — an information security program, vendor oversight, and breach notification duties that follow nonpublic information wherever it flows. An AI vendor handling policyholder data is a third-party service provider under that program, which means due diligence, contractual safeguards, and monitoring. New York’s cybersecurity regulation for financial services entities runs on the same logic with sharper teeth.
- Carrier agreements. Your producer or administration agreements almost certainly contain confidentiality and data-handling obligations. Policyholder data flowing to an unvetted AI vendor is a contract question before it is a regulatory one — and the carrier relationship is the business.
- Emerging AI-specific expectations. State regulators have begun adopting guidance on insurers’ use of AI, built around governance, accountability, and the ability to explain outcomes. The direction of travel is unambiguous: written AI programs, vendor diligence, human accountability for decisions affecting insureds.
- E&O reality. An AI-drafted coverage summary that misstates a policy term is an errors-and-omissions claim with a timestamp. Human review before anything reaches an insured is not compliance decoration; it is the loss-prevention control.
Familiar pattern: no new rulebook, just your existing obligations applied to a vendor category your staff adopted first.
The reference architecture
The design principle: policyholder data never leaves your compliance boundary — due diligence and a DPA extend the boundary to the vendor, and licensed judgment stays between the model and the insured.
Zone 1 — Your systems. The agency management system or claims platform, carrier portals and feeds, the claims/FNOL intake queue, and the producers, CSRs, and adjusters who work them.
Zone 2 — The AI gateway. Every AI request passes through a control layer you own: SSO and role-based access; data minimization that strips what the task doesn’t need (a policy-language question doesn’t need the insured’s identity attached); a use-case allowlist mapped to your information security program and carrier obligations; and a complete, attributed log of every prompt and response — the record your security program, your carriers, and your E&O counsel will each eventually want.
Zone 3 — The LLM provider, under DPA and due diligence. Enterprise API endpoint, completed vendor diligence, signed data processing agreement, zero data retention, no training on your data, encryption in transit and at rest — verified in the data processing terms of the tier you are actually on.
The return path. Output routes back through the gateway, gets logged, and lands in front of a licensed human before it reaches an insured, a claim file, or a carrier. Coverage questions, claim communications, and anything touching an adverse decision get human judgment, full stop.
And the blocked lane. Personal accounts, free tiers, browser extensions: no DPA, no record, a vendor-oversight violation in progress. Blocked by policy and network controls, with the gateway as the sanctioned alternative your staff will actually use.
The five conditions, as a checklist
- Vendor due diligence and a signed DPA with every AI vendor touching policyholder data — filed where your information security program says it should be
- Zero-retention, no-training configuration, verified in the vendor’s terms — not assumed
- A gateway you control: SSO, role-based access, data minimization, allowlisted use cases
- Complete prompt/response logging, attributable to individuals
- Licensed-staff review before AI output reaches an insured, a claim file, or a carrier
Where agencies and TPAs get this wrong
- The silent default. The CSR summarizing a messy claim file in a free AI tool is saving forty minutes and creating a reportable event. The usage exists today; the visibility doesn’t.
- DPA-by-assumption. Consumer and enterprise tiers of the same product carry different retention and training terms. Verify the tier in use.
- Carrier-blindness. Passing your state security review means little if the data flow breaches a carrier agreement. Read your producer agreements with AI in mind; almost nobody has.
- Automating the adverse path. Anything resembling a claim denial or coverage restriction produced without human judgment is exactly what regulators’ AI guidance targets. Automate the paperwork, never the adverse decision.
What this makes possible
With the architecture in place, the highest-ROI workflows are the ones burying your staff: FNOL and claims-intake summarization, policy comparison and renewal prep, certificate processing, submission and quote-request assembly, and claim-status correspondence — measured in staff hours recovered per week, each with licensed review where it counts.
This article describes a reference architecture, not legal or compliance advice. Requirements vary by state and by carrier agreement; your counsel and compliance lead own the final call — this is the material to bring them.