Business Associate Privacy Rules


September 29, 2015

As a sales agent, you are entrusted with many levels of consumers’ personal information. This Compliance Bulletin reviews your requirements for safeguarding all consumer information, specifically including Protected Health Information (“PHI”) and Personal Identifiable Information (“PII”). This information can be in any form, including oral, written or electronic.

Personal Health Information

  • Consumer demographics
  • Health information on any level

Personal Identifiable Information

  • Social Security number
  • Driver’s license or state identification card
  • Credit Card
  • Debit Card
  • Banking information
  • Passwords

Sales agents must comply with the HIPAA Security Rule Safeguard measures. In the event of a security breach in which you have failed to comply with the security rules, a federal fine may be imposed. Simple, basic security measures include:

  • All electronic devices containing any confidential information must be encrypted.
  • Do not store PHI on mobile devices or flash drives. This includes taking pictures of Medicare ID cards.
  • When disposing of equipment that may contain any sort of confidential information, the device must be overwritten or destroyed. This includes copiers, fax machines, and laptops.
  • Do not text identifying or confidential information, as a signal may be intercepted.

Email Transmission

  • Emails and reports attached to emails containing confidential information must be encrypted when transmitting.
  • Recheck email addresses and distribution lists.
  • Information sent must be limited to a minimum number of people and for business purposes only.
  • Use a disclaimer on all email messages.


Fax Transmission

  • Should be very limited and used only when an alternative, more secure method is not available.
  • Use a cover page that includes a HIPAA disclaimer.
  • Recipient fax number should be verified prior to sending.

In the event of a breach:

  • Immediately inform your hierarchy of the breach.
  • Hierarchy and/or agent will immediately contact the Compliance Department at 844-206-2927 or
  • The Compliance Department will immediately follow all federal, state and carrier guidelines.


The Office of Civil Rights (enforcement body of HIPAA)
HIPAA Privacy and Security Rule
Additional information on encryption

As always, we thank you for your support and cooperation. For questions or comments, please email us at or you may call the toll-free number listed below.


Compliance Updates | 2650 McCormick Drive | Clearwater, FL 33759 | 844.206.2927