Business Associate Privacy Rules

CB0026-15

November 6, 2015

As a sales agent, you are entrusted with many levels of consumers’ personal information. This Compliance Bulletin reviews your requirements for safeguarding all consumer information, specifically Protected Health Information (“PHI”) and Personally Identifiable Information (“PII”). This information can be in any form, including oral, written or electronic.

Protected Health Information

  • Consumer demographics
  • Health information on any level

Personally Identifiable Information

  • Social Security number
  • Driver’s license or state identification card
  • Credit Card
  • Debit Card
  • Banking information
  • Passwords

Sales agents must comply with the HIPAA Security Rule safeguard measures. In the event of a security breach in which you have failed to comply with the Security Rule, a federal fine may be imposed. Simple, basic security measures include:

  • All electronic devices containing any confidential information must be encrypted.
  • Do not store PHI on mobile devices or flash drives. This includes taking pictures of Medicare ID cards.
  • When disposing of equipment that may contain any sort of confidential information, the device must be overwritten or destroyed. This includes copiers, fax machines, and laptops.
  • Do not text identifying or confidential information; text messages may be intercepted.

Email Transmission

  • Emails and reports attached to emails containing confidential information must be encrypted when transmitting.
  • Recheck email addresses and distribution lists before sending.
  • Information sent must be limited to a minimum number of people and for business purposes only.
  • Use a disclaimer on all email messages.

Faxing

  • Faxing should be very limited and used only when an alternative, more secure method is not available.
  • Use a cover page that includes a HIPAA disclaimer.
  • Recipient fax number should be verified prior to sending.

In the event of a breach:

  • Immediately inform your hierarchy of the breach.
  • Hierarchy and/or agent will immediately contact the Compliance Department at 844-206-2927 or Compliance@NSGACommunications.com.
  • The Compliance Department will immediately follow all federal, state and carrier guidelines.


Resources

The Office for Civil Rights (enforcement body of HIPAA)
http://www.hhs.gov/ocr/office/index.html

HIPAA Privacy and Security Rule
http://www.hhs.gov/ocr/privacy/hipaa/administrative/combined/index.html

Additional information on encryption
http://csrc.nist.gov/

As always, we thank you for your support and cooperation. For questions or comments, please email us at Compliance@YourMedicare.com or you may call the toll-free number listed below.

FOR AGENT USE ONLY. NOT FOR USE WITH CONSUMERS.

Compliance Updates | 2650 McCormick Drive | Clearwater, FL 33759 | 844.206.2927