Your plan members disclose a great deal of sensitive personal information in the process of comparing and enrolling in Medicare plans. All employees of your agency must protect this identifiable information and health information to keep your clients safe from identity theft.
What Is This Sensitive Information?
It is your and your fellow agents’ responsibility to secure any information that your clients would not want to be public. This information falls into two major categories: protected health information and personally identifiable information.
To check whether a particular plan suits your client's needs, you have to collect details that necessarily include protected health information (PHI). That might include their current primary care physician, medications they are taking, pre-existing conditions, and more. Those details help you narrow down whether the client is a good fit for a Special Needs Plan or if a Prescription Drug Plan will cover all of their prescriptions.
Personally identifiable information (PII) you encounter may include Social Security numbers, a client’s date of birth, demographics, and more.
How to Protect Sensitive Information
There are a few measures you can take to secure this sensitive information, on top of training your employees in all of these procedures.
- Encrypt all portable storage devices (phones, tablets, laptops, flash drives, CDs, etc.).
- Use a secure or encrypted email for all communications with your employees and clients.
- Before you send an email, recheck that you have addressed it to the correct email address.
- Include a privacy disclaimer when you email sensitive information.
- When sending a fax, recheck the fax number before sending and add a cover page with the HIPAA disclaimer.
What Counts As a Privacy Breach
How do you know if you or an employee has potentially compromised a client’s protected health information or personally identifiable information? Inappropriate disclosure may look like the following:
- You send an email containing sensitive information to the wrong email address
- You send a fax with PHI/PII to the wrong fax number
- You lose an unencrypted electronic storage device with sensitive information
- An unencrypted electronic storage device with sensitive information is stolen
- You lose a hard copy of a client’s PHI/PII
- A hard copy of a client’s PHI/PII is stolen
- You discuss a client’s sensitive information in a public setting
What to Do If You Suspect a Breach
Immediately report any suspected privacy breaches to the compliance department of the affected carrier or your FMO’s compliance department.