Compliance Bulletin
Keeping Information Secure
HIPAA Privacy and Security
CB0002-18
January 31, 2018

Reminder...

As a sales agent, consumers entrust you with a great deal of their personal information. HIPAA information is sensitive and should be kept confidential and only disclosed as needed in order to prevent fraud or misuse. This information specifically includes Protected Health Information ("PHI") and Personal Identifiable Information ("PII"). The information can be in any form including oral, written or electronic.

Protected Health Information (PHI)

  • Consumer demographics
  • Health information on any level

Personal Identifiable Information (PII)

  • Social Security Number
  • Driver's license or state identification card
  • Credit or Debit card
  • Banking information
  • Passwords

Below are some steps you can take to help ensure compliance with the HIPAA Privacy and Security rules and regulations:

  • Electronic devices containing confidential information must be encrypted and password protected.
  • Emails with confidential information must be encrypted when transmitting.
  • When sending faxes, use a cover page with a HIPAA disclaimer. Verify the recipient's fax number prior to sending.
  • Store documents with PHI and PII in a secure, locked location. This includes, but is not limited to:
    1. Inventory sheets
    2. Needs analysis
    3. Meeting notes
    4. Applications
    5. Consumer checks
  • Use a secure method to dispose of any documents containing PHI or PII, such as the shredder located in each office.

Sample disclaimer for email messages:

Confidentiality Notice: This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any use, dissemination, distribution, retention or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.

Sample Disclaimer for fax cover sheets:

Confidentiality Notice: The information contained in this facsimile may be confidential and legally privileged. It is intended only for use of the Individual named. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution, or taking of any action in regards to the contents of this fax - except its direct delivery to the intended recipient - is strictly prohibited. If you have received this fax in error, please notify the sender immediately and destroy this cover sheet along with its contents, and delete from your system, if applicable.

In the Event of a Breach:

  • Immediately inform your General Manager.
  • Contact the Compliance Department; we will immediately follow all federal, state and carrier reporting guidelines.

Resources

The Office of Civil Rights (enforcement body of HIPAA)
https://www.hhs.gov/ocr/index.html

HIPAA Privacy and Security Rule
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html

Additional Information on Encryption
http://csrc.nist.gov

Compliance Updates | 2650 McCormick Drive | Clearwater, FL 33759 | 844.206.2927