Privacy and Security

There are numerous regulations requiring the protection of consumer information, particularly the HIPAA Privacy Rule and Security Rule, as well as state breach notification laws.

You are required to protect two types of information: Protected Health Information (PHI) and Personally Identifiable Information (PII). Most regulations concern PHI and PII in electronic form, but some states include PHI and paper documents.

  • PHI is individually identifiable information (including demographics) that relates to health condition, the provision of health care, or payment for such care.
    • Identified individual + health information = PHI
    • For example: Jesse James + has diabetes = PHI
    • The fact that someone is applying for coverage or is enrolled in a plan is considered health information
  • PII is a person’s first name or last name in combination with one or more of the following data elements:
    • Social Security number, driver’s license number or state identification card number, account number, credit card or debit card number in combination with any required security code, access code or password that would permit access to an individual’s financial account.
       

Tips for Safeguarding Member Information

Encryption
Many carriers require agents who transmit any client information on a desktop computer, laptop or other device to have that device encrypted. Encryption changes data so that the contents cannot be understood if intercepted.

There are several technologies capable of implementing full drive encryption. For example:

  • Microsoft BitLocker (may be free with your computer)
  • Apple FileVault (may be free with your computer)
  • Kaspersky’s full disk encryption
  • Symantec Endpoint Encryption
  • VeraCrypt

For devices such as a smartphone or tablet, you will need to contact your cell phone carrier or manufacturer for the exact process to encrypt your device.

Secure Email
Emails and reports attached to emails containing PHI or PII must be encrypted during transmission.

Sending an email to SMS? Use SMS’s free Secure Email System.

Instructions on Reporting a Breach or Security Incident
When you identify a potential breach, immediately report it to Senior Market Sales and the carrier.

Also, be sure to report thefts to local law enforcement and retain all documents, if applicable.

Examples of a Potential or Actual Breach
Misdirected fax, sending an application to the wrong email address, unauthorized access (taking a spouse along to visit a client, a stolen laptop), etc.

Email the SMS Compliance Department or call 1.800.786.5566 Ext. 3694.

Humana
Email: privacyofficer@humana.com
Fax: 502-508-3700
Report by mail to:
Humana, Inc. Privacy Office
500 W. Main Street
Louisville, KY 40202

UHC
Email: uhc_privacy_office@uhc.com
Email: Compliance_questions@uhc.com
Call the Ethics and Compliance help center at 1-800-455-4521

Aetna-Coventry
Call the AlertLine at 1-888-891-8910
Visit https://aetna.alertline.com

Cigna-HealthSpring
Call the Ethics help line at 1-800-472-8348
Email: Ethics@cigna.com