Skip to content
Producers · NAIC Model Bulletin

Use ChatGPT and Claude on Your Book — Without Tripping the NAIC Bulletin

PortEden replaces insured names, policy numbers, PHI, and NPI with placeholders before your prompt reaches OpenAI or Anthropic. Use any AI for quoting and policy work; the model never sees the underlying customer.

See pricing

Free for solo producers · No credit card · AIS Program-aligned audit log built in

Maps to
NAIC Bulletin
HIPAA
GDPR
SOC 2
CCPA
The Risk

What Goes Wrong Without PortEden

You Paste a Health Application Into ChatGPT to Spot Underwriting Issues

That application carries the applicant's name, DOB, full medical history, and SSN — PHI plus GLBA NPI. Sending it to OpenAI without an AIS Program-grade contract is exactly the unsupervised AI use the NAIC bulletin was written to flag.

Your Producer Uses Claude to Summarize a Claim File

The file holds the insured's identity, the loss description, settlement reserves, and SIU notes. Claude's context window is now the cleanest copy of a claim that may end up in litigation — kept under Anthropic's retention, not your carrier's.

You Connect Outlook to an AI Assistant for Producer Productivity

Subject lines like "Smith — auto policy renewal, prior DUI" and the policy detail itself flow into the AI. One subprocessor change and you owe state-by-state breach notices and an AIS Program incident write-up.

How PortEden Protects Your Agency

PHI and NPI, Redacted Before It Reaches the Model.

PortEden inspects every field your AI is about to see. Insured names, policy numbers, SSNs, medical detail, and free-text NPI are replaced with placeholders at the boundary — never sent to OpenAI or Anthropic.

Your data
PortEdenRedact
Your AI
Claude
ChatGPT
Copilot
Gemini
Grok
Safe
Sensitive
Redacted
Compliance Reality

What the NAIC Model Bulletin Actually Requires When Your Agency Uses ChatGPT or Claude

  • Adopt a written AI Systems (AIS) Program governing the design, development, deployment, and oversight of every AI used in insurance — that includes consumer-grade ChatGPT and Claude when staff use them on quotes or claims.
  • Maintain documented controls over data inputs, third-party vendors, and the records you'd produce in a market-conduct exam. Most states that adopted the bulletin (24+ as of 2026) ask for the AIS Program first, the use-case inventory second.
  • Comply with state Unfair Trade Practices and producer-licensing rules, plus the federal Gramm-Leach-Bliley Act privacy obligations. AI vendors that log prompts for training or moderation can pull both into scope at once.
  • Document AI use in claims, underwriting, marketing, and customer service. The bulletin's testing, validation, and bias-audit expectations apply even when the AI is a general-purpose chatbot your producers use on their own.
NAIC Model Bulletin on the Use of AI by Insurers
The Solution

Built For Insurance Agents

PHI- and NPI-Aware Redaction in Gmail and Outlook

Replaces 50+ identifier types — insured names, policy numbers, SSNs, DLs, claim numbers, medical detail, and free-text NPI — with placeholders in under 200 ms before the prompt leaves your perimeter. The AI receives only the redacted version; the underlying record never reaches OpenAI or Anthropic.

AIS Program-Aligned Audit Log

Per-line, per-policy, per-claim record of every prompt, every redaction outcome, and every AI use case in your agency. Drops directly into the AIS Program inventory the NAIC Model Bulletin requires and exports cleanly for a state market-conduct exam.

Per-State Policy Engine — 24+ Bulletin-Adopted States

Layer per-state overrides onto your agency-wide defaults. New York Reg 90 redactions and a Colorado SB21-169 quantitative-testing trail can apply at the same time without any producer touching a config.

Works With Claude, ChatGPT, and Copilot — No AMS Replacement

Keep using AMS360, Applied Epic, EZLynx, or HawkSoft. PortEden sits in front of any AI tool — no plugin to install in your AMS, no per-producer browser extension. Solo producer to multi-state agency in days, not months.

Works With What You Already Use
Outlook
Outlook
Microsoft 365 inbox-side redaction for producer email
Gmail
Gmail
Inbox-side redaction for AI-drafted replies
Outlook Calendar
Outlook Calendar
Strip insured names from renewal meeting titles
Teams
Teams
Microsoft 365 chat redaction for producer/CSR coordination
With and Without PortEden

The Same Workflow, Two Very Different Outcomes

Underwriting Triage With ChatGPT
Without
Applicant name, DOB, medical history, and SSN sent to OpenAI in plain text — uncatalogued AI use under the NAIC AIS Program rules.
With
Identifiers and medical detail replaced with placeholders before the request leaves your network. The AI flags risk; PortEden re-hydrates the names locally.
Claim File Summary With Claude
Without
Insured identity, loss description, reserves, and SIU notes sent to Anthropic. Retained per their policy, not your carrier's record-retention rules.
With
Loss narrative and structure reach the model; identifiers, claim numbers, and reserves are placeholders. The AI summarizes without seeing whose claim.
Inbox Search With Copilot or Gemini
Without
Every matching email — applications, declarations pages, ID copies — sent to the AI in plain text. Includes records the search ultimately discards.
With
Email content reaches the model with PHI and NPI replaced by placeholders. The AI ranks results without seeing the underlying record.
State Market-Conduct Exam or AIS Program Audit
Without
No record of which AI uses ran on which line of business. Reconstructing the AIS Program inventory from screenshots is the gap state regulators have started flagging.
With
Per-line, per-policy, per-claim audit log of every AI use, exportable on demand for the state DOI, your carrier audit team, or your E&O carrier.
Multi-Producer Rollout Across States
Without
Each producer follows AI policy by hand; one paste-and-prompt is a 24-state market-conduct problem.
With
Agency-wide defaults; per-state and per-line overrides flow from your AMS or licensing system.
Try It on Your Book

Five-Minute Setup. Free for Solo Producers.

Connect Outlook or Gmail via OAuth. Pick the NAIC Bulletin profile. Keep using ChatGPT or Claude exactly the way you do today — with PHI and NPI protected by default.

See pricing

Frequently Asked Questions

Does using ChatGPT or Claude with PortEden count as undocumented AI use under the NAIC Model Bulletin?
PortEden replaces PHI and NPI with placeholders before the prompt leaves your perimeter, and the audit log captures every prompt, every use case, and every line of business it touched. That's exactly the AIS Program inventory the bulletin asks for — the AI use isn't undocumented, and the underlying record isn't disclosed in the clear.
How many states have adopted the NAIC Model Bulletin?
More than two dozen as of 2026, including New York, Colorado, Connecticut, Illinois, Pennsylvania, and Washington. Several add their own twists — New York's Circular Letter No. 7 (2024) and Colorado's SB21-169 quantitative-testing rules layer on top of the AIS Program expectations. PortEden's per-state policy engine applies the right overrides automatically.
Will PortEden change the AMS or rater workflow my producers use?
No. PortEden runs in front of your AI, not your AMS. You keep using AMS360, Applied Epic, EZLynx, HawkSoft, or whatever rater your shop runs on, and the redaction layer sits between any AI tool and the data the AI is about to read.
What about HIPAA on health and life applications?
PortEden treats medical detail on health and life applications as PHI and redacts it before any AI sees it. The protected fields never reach OpenAI or Anthropic. Compliance with HIPAA remains your responsibility — PortEden provides the redaction control.
Can carriers see the audit trail when they audit our agency?
Yes. The audit log exports cleanly as CSV or to a SIEM. Carrier audit teams get the per-policy, per-claim record they need without you having to invite them into the underlying email accounts. Same export feeds your AIS Program inventory and your E&O carrier's annual review.
Can multi-state agencies apply different rules per state and per line?
Yes. Set agency-wide defaults once; per-state, per-line, and per-carrier overrides flow from your AMS or licensing system. New York personal auto can ride a stricter Reg 90 profile while Texas commercial uses the agency default — no one re-configures anything by hand.
What does it cost and how long does setup take?
There's a free tier for solo producers. Agency pricing scales by producer — full pricing is on the pricing page. Setup is under 5 minutes for a solo producer on Outlook or Gmail + ChatGPT or Claude. Multi-state agencies typically take a half-day for SSO and AMS integration.

Keep Exploring

Ready to Use AI in Your Agency Without the AIS Program Gap?

Five-minute setup. Free for solo producers. AIS Program-aligned audit log and per-state policy engine from day one.

See pricing

Multi-state agency or carrier? Talk to sales →