(1) Except as otherwise provided in this section, an insurance compliance self-evaluative audit document is privileged information and is not discoverable or admissible as evidence in a civil, criminal, or administrative proceeding.

    (2) Except as otherwise provided in this section, a person involved in preparing an insurance compliance self-evaluative audit or insurance compliance self-evaluative audit document is not subject to examination concerning the audit or audit document in a civil, criminal, or administrative proceeding. However, if the insurance compliance self-evaluative audit, insurance compliance self-evaluative audit document, or a portion of the audit or audit document is not privileged, the individual involved in the preparation of the audit or audit document may be examined concerning the portion of the audit or audit document that is not privileged. A person involved in preparing an insurance compliance self-evaluative audit or insurance compliance self-evaluative audit document who becomes aware of an alleged criminal violation of this act shall report the act to the insurer. Within 30 days after receiving the report, the insurer shall provide the information to the director.

    (3) The director shall not provide an insurance compliance self-evaluative audit document, furnished to the director voluntarily or as a result of a request of the director under a claim of authority to compel disclosure under subsection (7), to any other person. The insurance compliance self-evaluative audit document must be accorded the same confidentiality and other protections as provided in section 222(7) without waiving the privileges in subsections (1) and (2). Any use of an insurance compliance self-evaluative audit document furnished voluntarily or as a result of a request of the director under a claim of authority to compel disclosure under subsection (7) is limited to determining whether or not any disclosed defects in an insurer's policies and procedures or inappropriate treatment of customers has been remedied or that an appropriate plan for remedy is in place.

    (4) An insurance compliance self-evaluative audit document submitted to the director remains subject to all applicable statutory or common law privileges including, but not limited to, the work product doctrine, attorney-client privilege, or the subsequent remedial measures exclusion. An insurance compliance self-evaluative audit document submitted to the director remains the property of the insurer and is not subject to disclosure under the freedom of information act, 1976 PA 442, MCL 15.231 to 15.246.

    (5) Disclosure of an insurance compliance self-evaluative audit document to a governmental agency, whether voluntary or pursuant to compulsion of law, does not constitute a waiver of the privileges under subsections (1) and (2) with respect to any other person or other governmental agency.

    (6) The privileges under subsections (1) and (2) do not apply to the extent that they are expressly waived by the insurer that prepared or caused to be prepared the insurance compliance self-evaluative audit document.

    (7) The privileges in subsections (1) and (2) do not apply as follows:

    (a) If a court, after an in camera review, requires disclosure in a civil or administrative proceeding after determining 1 or more of the following:

    (i) The privilege is asserted for a fraudulent purpose.

    (ii) The material is not subject to the privilege as provided under subsection (13).

    (b) If a court, after an in camera review, requires disclosure in a criminal proceeding after determining 1 or more of the following:

    (i) The privilege is asserted for a fraudulent purpose.

    (ii) The material is not subject to the privilege as provided under subsection (13).

    (iii) The material contains evidence relevant to the commission of a criminal offense under this act.

    (8) Within 14 days after the director or the attorney general makes a written request by certified mail for disclosure of an insurance compliance self-evaluative audit document, the insurer that prepared the document or caused the document to be prepared may file with the Ingham County circuit court a petition requesting an in camera hearing on whether the insurance compliance self-evaluative audit document or portions of the audit document are subject to disclosure. Failure by the insurer to file a petition waives the privilege provided by this section for the request. An insurer asserting the insurance compliance self-evaluative privilege in response to a request for disclosure under this subsection shall include in its request for an in camera hearing all of the information listed in subsection (10). Within 30 days after the filing of the petition, the court shall issue an order scheduling an in camera hearing to determine whether the insurance compliance self-evaluative audit document or portions of the audit document are privileged or are subject to disclosure.

    (9) If the court requires disclosure under subsections (7) and (8), the court may compel the disclosure of only those portions of an insurance compliance self-evaluative audit document relevant to issues in dispute in the underlying proceeding. Information required to be disclosed shall not be considered a public document and shall not be considered to be a waiver of the privilege for any other civil, criminal, or administrative proceeding.

    (10) An insurer asserting the privilege under this section in response to a request for disclosure under subsection (8) shall provide to the director or the attorney general, at the time of filing an objection to the disclosure, all of the following information:

    (a) The date of the insurance compliance self-evaluative audit document.

    (b) The identity of the entity or individual conducting the audit.

    (c) The general nature of the activities covered by the insurance compliance self-evaluative audit.

    (d) An identification of the portions of the insurance compliance self-evaluative audit document for which the privilege is being asserted.

    (11) An insurer asserting the privilege under this section has the burden of demonstrating the applicability of the privilege. Once an insurer has established the applicability of the privilege, a party seeking disclosure under subsection (7)(a)(i) has the burden of proving that the privilege is asserted for a fraudulent purpose. The director or attorney general seeking disclosure under subsection (7)(b)(iii) has the burden of proving the elements listed in subsection (7)(b)(iii).

    (12) The parties may at any time stipulate in proceedings under this section to entry of an order directing that specific information contained in an insurance compliance self-evaluative audit document is or is not subject to the privileges provided under subsections (1) and (2). Any such stipulation may be limited to the instant proceeding and, absent specific language to the contrary, is not applicable to any other proceeding.

    (13) The privileges provided under subsections (1) and (2) do not extend to any of the following:

    (a) Documents, communications, data, reports, or other information expressly required to be collected, developed, maintained, or reported to a regulatory agency under this act or other federal or state law.

    (b) Information obtained by observation or monitoring by any regulatory agency.

    (c) Information obtained from a source independent of the insurance compliance audit.

    (d) Documents, communication, data, reports, memoranda, drawings, photographs, exhibits, computer records, maps, charts, graphs, and surveys kept or prepared in the ordinary course of business.

    (14) This section does not limit, waive, or abrogate the scope or nature of any other statutory or common law privilege.

    (15) As used in this section:

    (a) "Insurance compliance audit" means a voluntary, internal evaluation, review, assessment, audit, or investigation for the purpose of identifying or preventing noncompliance with or promoting compliance with laws, regulations, orders, or industry or professional standards, conducted by or on behalf of an insurer licensed or regulated under this act or that involves an activity regulated under this act.

    (b) "Insurance compliance self-evaluative audit document" means a document prepared as a result of or in connection with an insurance compliance audit. An insurance compliance self-evaluative audit document may include a written response to the findings of an insurance compliance audit. An insurance compliance self-evaluative audit document may include, but is not limited to, field notes and records of observations, findings, opinions, suggestions, conclusions, drafts, memoranda, drawings, photographs, exhibits, computer-generated or electronically recorded information, phone records, maps, charts, graphs, and surveys, if this supporting information is collected or prepared in the course of an insurance compliance audit or attached as an exhibit to the audit. An insurance compliance self-evaluative audit document also includes, but is not limited to, any of the following:

    (i) An insurance compliance audit report prepared by an auditor, who may be an employee of the insurer or an independent contractor, that may include the scope of the audit, the information gained in the audit, and conclusions and recommendations, with exhibits and appendices.

    (ii) Memoranda and documents analyzing portions or all of the insurance compliance audit report and discussing potential implementation issues.

    (iii) An implementation plan that addresses correcting past noncompliance, improving current compliance, and preventing future noncompliance.

    (iv) Analytic data generated in the course of conducting the insurance compliance audit.

    (c) "Insurer" means that term as defined in section 106 and includes a nonprofit dental care corporation operating under 1963 PA 125, MCL 550.351 to 550.373.