As Americans become increasingly concerned about the privacy of their health and personal information, independent insurance agents and brokers must make safeguarding private client information a specific focus within their businesses, according to Safeguarding Non-Public Personal Information, a new report from the Agents Council for Technology (ACT).
ACT is a partnership of independent agents, companies, technology vendors, user groups and associations dedicated to assisting agents in the use of effective policies, workflows and technologies. The new privacy laws and regulations, such as HIPAA (Health Insurance Portability and Accountability Act), Gramm-Leach-Bliley, and the Fair Credit Reporting Act, as well as a growing number of state laws, may require adjustments in each of these areas of agency operations for many agencies.
“Independent agents and brokers need to be aware as to how these relatively new laws and regulations impact them,” said Jeff Yates, ACT executive director. “Many agencies may need to heighten the awareness of their staffs regarding these requirements and take pro-active actions on several fronts to comply with these new privacy requirements to protect themselves from the potential of incurring significant penalties and liability which may not be covered by insurance.”
Chris Ball, a principal of Miami, Fla.-based InSource Inc., said ACT has developed the report to help agents and brokers understand privacy issues and encourage them to begin compliance plans.
Ball, who also serves as chairman of the ACT work group, said that if an agency were to be audited by a government entity regarding a possible HIPAA or other privacy violation, the government will want to see that the agency has, to the extent required by applicable laws, acted to protect the privacy of personal information by adopting appropriate policies and procedures; restricted access to only those employees who need to see the information; trained the agency’s employees in these policies and procedures; audited compliance and corrected instances of non-compliance; and documented all of these steps.
To provide guidance on crafting policies that comply with privacy laws and regulations, the report outlines some key principles independent agents and brokers should consider implementing, such as:
* Developing an overall policy designed to comply with various privacy laws rather than trying to adopt multiple policies based upon the requirements of each law.
* Appointing a privacy officer who has a good knowledge of overall agency operations and charging that individual with developing a detailed understanding of the various privacy laws.
* Appointing a security officer to oversee the agency’s security policies and procedures to protect the agency’s information from both external and internal threats, whether the information is in electronic or paper form, or conveyed orally.
* Limiting access to non-public personal information and individually identifiable medical information to only those employees who have a need to see it.
In addition to the key principles, the report also addresses how HIPAA and other privacy issues typically come into play within independent agencies and brokers with regard to the health and other private information of both clients and agency employees. The report contains a sample “HIPAA Employee Compliance Training Memo,” which provides a starting point for agencies to develop their own memo to heighten their employees’ awareness of needed HIPAA policies and safeguards. The report also provides a checklist of some of the security issues agencies need to take into account to safeguard their client information from both internal and external threats.
The new ACT report is linked to the companion publication “ACT HIPAA and Privacy Supplement,” which goes into greater depth on several of these issues. The supplement contains sample workflows for an employee benefits department in order to highlight the procedures that may be impacted by the new HIPAA rule. The supplement also includes a comprehensive legal memorandum on the new HIPAA rule called “Frequently Asked Questions and Answers.”
To download Safeguarding Non-Public Personal Information, please visit www.independentagent.com/act and go to the “Technology Reports” section. For more information on ACT, please contact Jeff Yates at (800) 221-7917 or firstname.lastname@example.org.