Encryption Reminder


February 17, 2017

Sales agents are entrusted with many levels of consumers’ personal information. This Compliance Bulletin reviews your requirements for safeguarding all consumer information, specifically including Protected Health Information (“PHI”) and Personal Identifiable Information (“PII”).

The information can be in any form including oral, written or electronic.

Personal Health Information

  • Consumer demographics
  • Health information on any level

Personal Identifiable Information

  • Social Security Number
  • Driver’s license or state identification card
  • Credit card
  • Debit card
  • Banking information
  • Passwords

Sales agents are required to comply with all HIPAA Security Rule Safeguard measures. Electronic devices containing any confidential information must be encrypted and password protected.

What is encryption?

Encryption scrambles data into an unreadable state that requires a key to access. It is a key part of a security strategy and applies to data at rest and in transit. Think of it as a digital privacy fence that prevents unauthorized access.

  • Do not store PHI on mobile devices or flash drives
  • Do not take pictures of Medicare ID cards and/or Social Security cards
  • When disposing of equipment that may contain any sort of confidential information, the device must be overwritten or destroyed. This includes copiers, fax machines and laptops
  • Do not text identifying or confidential information, because a signal may be intercepted

Email Transmission

  • Emails containing confidential information, and any reports attached to them, must be encrypted when transmitted
  • Recheck email addresses and distribution lists
  • Information sent must be for business purposes only
  • Use a disclaimer on all email messages

Sample disclaimer for email messages:

Confidentiality Notice: This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any use, dissemination, distribution, retention or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.


  • Faxing should be very limited and used only when an alternative, more secure method is not available
  • Use a cover page that includes a HIPAA disclaimer
  • Recipient fax number should be verified prior to sending

Sample disclaimer for fax cover sheets:

Confidentiality Notice: The information contained in this facsimile may be confidential and legally privileged. It is intended only for use of the individual named. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution, or taking of any action in regard to the contents of this fax – except its direct delivery to the intended recipient – is strictly prohibited. If you have received this fax in error, please notify the sender immediately and destroy this cover sheet along with its contents, and delete from your system, if applicable.

In the event of a breach:

  • Immediately inform your hierarchy of the breach
  • Hierarchy and/or agent will immediately contact the Compliance Department at 844-206-2927 or Compliance@NSGACommunications.com
  • The Compliance Department will follow all federal, state and carrier guidelines


The Office of Civil Rights (enforcement body of HIPAA)

HIPAA Privacy and Security Rule

Additional information on encryption

As always, we thank you for your support and cooperation. For questions or comments, please email us at Compliance@YourMedicare.com or you may call the toll-free number listed below.


Compliance Updates | 2650 McCormick Drive | Clearwater, FL 33759 | 844.206.2927