Privacy Rules

CB0003-16

January 21, 2016

As a sales agent, you are entrusted with many levels of consumers’ personal information. This Compliance Bulletin reviews your requirements for safeguarding all consumer information, specifically including Protected Health Information (“PHI”) and Personal Identifiable Information (“PII”). This information can be in any form, including oral, written or electronic.

Personal Health Information

  • Consumer demographics
  • Health information on any level

Personal Identifiable Information

  • Social Security number
  • Driver’s license or state identification card
  • Credit card
  • Debit card
  • Banking information
  • Passwords

Sales agents must comply with the HIPAA Security Rule Safeguard measures. In the event of a security breach in which you have failed to comply with the security rules, a federal fine may be imposed. Simple, basic security measures include:

  • All electronic devices containing any confidential information must be encrypted.
  • Do not store PHI on mobile devices or flash drives. This includes taking pictures of Medicare ID cards.
  • When disposing of equipment that may contain any sort of confidential information, the device must be overwritten or destroyed. This includes copiers, fax machines and laptops.
  • Do not text identifying or confidential information, as the signal may be intercepted.

Email Transmission

  • Emails and reports attached to emails, containing confidential information, must be encrypted when transmitting.
  • Recheck email addresses and distribution list.
  • Information sent must be for business purposes only.
  • Use a disclaimer on all email messages.

Sample disclaimer for email messages:
Confidentiality Notice: This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any use, dissemination, distribution, retention or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.

Faxing

  • Should be very limited and used only when an alternative, more secure method is not available.
  • Use a cover page that includes a HIPAA disclaimer.
  • Recipient fax number should be verified prior to sending.

Sample disclaimer for fax cover sheets:
Confidentiality Notice: The information contained in this facsimile may be confidential and legally privileged. It is intended only for use of the individual named. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution, or taking of any action in regards to the contents of this fax – except its direct delivery to the intended recipient – is strictly prohibited. If you have received this fax in error, please notify the sender immediately and destroy this cover sheet along with its contents, and delete from your system, if applicable.

In the event of a breach:

  • Immediately inform your hierarchy of the breach.
  • Hierarchy and/or agent will immediately contact the Compliance Department at 844-206-2927 or Compliance@NSGACommunications.com.
  • The Compliance Department will immediately follow all federal, state and carrier guidelines.

Resources
The Office of Civil Rights (enforcement body of HIPAA)
http://www.hhs.gov/ocr/office/index.html
HIPAA Privacy and Security Rule
http://www.hhs.gov/ocr/privacy/hipaa/administrative/combined/index.html
Additional information on encryption
http://csrc.nist.gov/

As always, we thank you for your support and cooperation. For questions or comments, please email us at Compliance@NSGACommunications.com or you may call the toll-free number listed below.

FOR AGENT USE ONLY. NOT FOR USE WITH CONSUMERS.

Compliance Updates | 2650 McCormick Drive | Clearwater, FL 33759 | 844.206.2927
