Business Associate Privacy Rules
CB0026-15
November 6, 2015
As a sales agent, you are entrusted with many levels of consumers’ personal information. This Compliance Bulletin reviews your requirements for safeguarding all consumer information, specifically including Protected Health Information (“PHI”) and Personal Identifiable Information (“PII”). This information can be in any form, including oral, written or electronic.
Protected Health Information (PHI)
- Consumer demographics
- Health information on any level
Personal Identifiable Information (PII)
- Social Security number
- Driver’s license or state identification card
- Credit Card
- Debit Card
- Banking information
- Passwords
Sales agents must comply with the HIPAA Security Rule safeguard measures. In the event of a security breach in which you have failed to comply with the security rules, a federal fine may be imposed. Simple, basic security measures include:
- All electronic devices containing any confidential information must be encrypted.
- Do not store PHI on mobile devices or flash drives. This includes taking pictures of Medicare ID cards.
- When disposing of equipment that may contain any sort of confidential information, the device must be overwritten or destroyed. This includes copiers, fax machines, and laptops.
- Do not text identifying or confidential information, since the signal may be intercepted.
Email Transmission
- Emails, and reports attached to emails, containing confidential information must be encrypted in transit.
- Recheck email addresses and distribution lists before sending.
- Information sent must be limited to a minimum number of people and for business purposes only.
- Use a disclaimer on all email messages.
Faxing
- Faxing should be very limited and used only when a more secure alternative is not available.
- Use a cover page that includes a HIPAA disclaimer.
- Recipient fax number should be verified prior to sending.
In the Event of a Breach
- Immediately inform your hierarchy of the breach.
- Hierarchy and/or agent will immediately contact the Compliance Department at 844-206-2927 or Compliance@NSGACommunications.com.
- The Compliance Department will immediately follow all federal, state and carrier guidelines.
Resources
The Office of Civil Rights (enforcement body of HIPAA)
http://www.hhs.gov/ocr/office/index.html
HIPAA Privacy and Security Rule http://www.hhs.gov/ocr/privacy/hipaa/administrative/combined/index.html
Additional information on encryption
http://csrc.nist.gov/
As always, we thank you for your support and cooperation. For questions or comments, please email us at Compliance@NSGACommunications.com or you may call the toll-free number listed below.
FOR AGENT USE ONLY. NOT FOR USE WITH CONSUMERS.
Compliance Updates | 2650 McCormick Drive | Clearwater, FL 33759 | 844.206.2927