Presentation is loading. Please wait.

Presentation is loading. Please wait.

Monthly Compliance Training: Protecting Your Clients’ Privacy

Published byCody Skinner Modified over 6 years ago

Similar presentations

Presentation on theme: "Monthly Compliance Training: Protecting Your Clients’ Privacy"— Presentation transcript:

1 Monthly Compliance Training: Protecting Your Clients’ Privacy
April 2017 HMIAT004093

2 Objectives By the end of this course, you will be able to:
Know what is considered a Privacy Breach Know the top 3 Privacy Breaches committed by agents Know what information is required for insurance company records Know what information an agent should and should not retain for their records Know how to properly destroy documents containing your client’s private and secured information

3 An Agent’s Trust Trust is:
An essential tool to building a good business Letting clients know the pros and cons when making insurance choices Helping clients choose the right coverage fitting their needs and budget Being transparent in presenting all of the facts Protecting the client’s personal health information and identity from privacy breaches

4 PHI PII Key Terminology Protected Health Information
Personal Identifying Information

5 Be Aware What is considered a privacy breach?
Examples include: Replying to an unsecure containing PHI Using a device for HealthMarkets business without encryption Verbally communicating PHI in a public setting Where is your client’s personal information stored? Carrier portal CRM State/Federal exchange If you store client information, electronic or paper, you need to know what to keep and what to destroy properly

6 Protecting Private Information
Agents must secure PHI and PII, including: Encrypting any device used to conduct HealthMarkets business Agents must report any theft containing clients’ private information to local police within 24 hours Agents must report a privacy breach within 24 hours to Agency Standards including the following details to Who? What? When? How? Where?

7 Information Retention

8 Insurance Company vs. Agent Needs
Insurance Company Needs Agent Needs Bank Routing & Account Numbers Name(s) of Insured Direct Deposit Address Salary/Income Phone Number Social Security Number Credit/Debit Card & Security Code Type of Coverage Reason for Product Choice(s) Previous Coverage and Carrier(s) Reason for Product Choice(s) Examples: Jane Smith wanted a plan including her doctors in their network so she chose the carrier’s PPO plan instead of the HMO plan Jim Jones wanted an accident plan, because he has 3 children under the age of 10 that play sports Sally Brown wanted health insurance with a low deductible, because she was hospitalized and used her savings to help pay the high deductible she had last year

9 Protecting Financial Information
Numerous complaints have been received where a client alleges bank or credit card information was provided to the agent when they applied for health insurance, and the agent used the information to submit an application for supplemental coverage the client did not need or request The allegations were substantiated, because: An or other communication was provided by the client demonstrating the agent requested the financial information The agent conducted the sales presentation over the phone and entered the financial information on the application instead of the client If the proper process is followed, the agent would not have the client’s financial information stored to use at a later time to enroll the customer in additional coverage without their knowledge

10 Protecting Financial Information
Agents have told Agency Standards financial information is requested to help the client set up premium payments Client premium payments should be done during the application process while the client is present, and agents should not retain the secured financial information Certain insurance companies may require Social Security Numbers during the application process; however, agents should not keep the information in their records

11 Why can’t an agent retain payment information?
Security laws exist with specific requirements for any individual who obtains/retains certain financial information When financial information is required for premium payment, the insurance company’s expectation is the client is present, the agent is entering it in as the client recites it, and the agent is not retaining the information The practice of retaining a client’s financial information when not required puts the agent’s intent in question, especially when the client alleges their identify was compromised

12 The Top 3 Reasons for Privacy Breaches
Unsecured responses Unencrypted devices Publicized personal identifying information

13 #1: Unsecured Email Responses
Agents who reply to an containing private information, even if unsolicited, create a privacy breach resending information through unsecure means To let a client know their communication was received, create a new to ensure privacy is not breached

14 Scenario 1: Unsecured Email Responses
A client s the following information to their agent they believe is needed to enroll them in health insurance: Name Date of birth Social security number Height Weight The agent replies back to the client: “I received your information below; and if I need anything else, I will contact you.” Did the agent breach private information even though the information was unsolicited from the client?

15 #2: Unencrypted Devices
Agents fail to take required measures to secure and protect personal health and identifiable information stored on computers, laptops, tablets and smart phones with appropriate encryption software Keeping equipment such as a laptop or smart phone on your person is a very good safeguard, but lost and stolen merchandise is the reason for the encryption requirement and why agents must attest annually they have taken the appropriate security measures

16 Scenario 2: Unencrypted Devices
An agent, who always keeps their unencrypted laptop on their person, was robbed. During the robbery, the agent’s laptop was stolen. The laptop contained client information, such as: Name Date of birth Address Policy numbers for various insurance companies Claim details Did the agent breach private information, even though being robbed was outside of their control?

17 #3: Publicized Personal Identifying Information
Customers take their personal and private information seriously. Complaints have been received from customers alleging an agent verbally communicated their private information in a public setting Face to Face sales presentations are always preferred. Therefore, agents should be aware of their surroundings and ensure unauthorized individuals cannot overhear protected information

18 Scenario 3: Publicized Personal Identifying Information
An agent meets their client at a small local café with limited space where their chair bumps into the next table when repositioning The agent summarizes the presentation and verbally states: “The plan is for you and your husband.” “It’s a silver plan with a moderate deductible and copay.” “The plan has benefits for chemical dependency.” “You qualify for a federal subsidy.” Did the agent breach private or protected information?

19 How to Properly Destroy PII or PHI
Protecting your client’s private information includes properly destroying it when it is not required Don’t throw private information in the trash where others could possibly see or retrieve Don’t store it on electronic devices that could be resold, lost, or stolen How to protect clients when destroying PHI and PII: Delete electronic copies located in your , folders on your laptop/tablet, or pictures on your smartphone. Hard copies should be shredded or placed in a secured and locked bin that is removed by an authorized individual/company

20 Report It It is your responsibility as an agent to report unethical or non-compliant activity Contact: Report it anonymously: Phone: (toll free) Online: (user name: HMI password: HMI)

Download ppt "Monthly Compliance Training: Protecting Your Clients’ Privacy"

Similar presentations

HIPAA Health Insurance Portability and Accountability Act of 1996

HIPAA Health Insurance Portability and Accountability Act of 1996
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Review Questions Business 205

Review Questions Business 205
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.
Identity Theft Solutions. ©SHRM 20082 Introduction Identification theft became the number one criminal activity issue in 2004 and has remained at the.

Identity Theft Solutions. ©SHRM Introduction Identification theft became the number one criminal activity issue in 2004 and has remained at the.
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Module: 202 Create and Manage a SHOP Account. It is recommended that Agents, assisting Employers with Setup and Plans in NMHIX, take this course.

Module: 202 Create and Manage a SHOP Account. It is recommended that Agents, assisting Employers with Setup and Plans in NMHIX, take this course.
Data Protection Act. Lesson Objectives To understand the data protection act.

Data Protection Act. Lesson Objectives To understand the data protection act.
Next ETCH Confidentiality and HIPAA Annual Review What you need to know. The Privacy Rule 1.

Next ETCH Confidentiality and HIPAA Annual Review What you need to know. The Privacy Rule 1.
Legal Division CSAA Insurance Group, a AAA Insurer Protecting Your Identity: What to Know, What to Do 2015 Risky Business Week.

Legal Division CSAA Insurance Group, a AAA Insurer Protecting Your Identity: What to Know, What to Do 2015 Risky Business Week.
Joel Rosenblatt Director, Computer and Network Security September 10, 2013.

Joel Rosenblatt Director, Computer and Network Security September 10, 2013.

Similar presentations

Ads by Google