Privacy – Protecting Member and Consumer Information
When it comes to privacy and security incidents, we know that members and consumers can easily be affected. Protecting member and consumer health information should reduce the risk of identity theft through any information that is maintained, stored and/or transmitted electronically.
Protected Health Information (PHI)
PHI is any information about a potential or actual member that demonstrates the individual has or is seeking insurance. All consumer and member information, including demographics, is considered protected and confidential.
Protecting consumer and member information
All Florida Independent Insurance Consultants have a responsibility to act as the first line of defense to protect consumer and member PHI.
Laptops and encryption
The use of unencrypted laptops or other portable devices (e.g., flash drives or CDs) is prohibited.
Reporting Privacy and Security incidents
All Florida Independent Insurance Consultants employees, have a responsibility to report any potential or actual inappropriate disclosures or uses of consumer or member PHI. We report incidents to the Privacy Officer of the underlying carrier.
Examples of inappropriate disclosures:
Misdirected personal information: sending an email, fax or hard copy document containing member/customer information to someone other than the intended recipient.
Lost or stolen hard copy information: loss or theft of hard copy documents containing member/customer information.
Discussing member/customer information in public settings, such as in a restaurant or on an elevator.
Discussing member/customer information with friends or family.
Lost or stolen laptop: if an unencrypted containing member/customer information is lost or stolen, such loss or theft would be considered an unauthorized/ inappropriate disclosure.
If a laptop contains member PHI and is lost or stolen, such loss or theft could be considered an unauthorized disclosure of that PHI under federal law. This type of loss or theft would not be considered an unauthorized disclosure if the laptop is encrypted with a full-disk encryption program.
Example of inappropriate uses
Use of consumer or member PHI for personal or financial gain.
To Protect consumer or member information – we follow these practical steps to help keep PHI safe:
Carry only the necessary hard copy documents containing consumer or member PHI necessary to complete a task.
Keep documents containing member/customer PHI with us at all times while out on sales calls, placing documents in a folder or locked briefcase.
Take all documents containing member/customer PHI when we leave sales calls.
Store documents containing PHI in a locked file cabinet at the office or home office.
Set up home offices up in a private room, away from common areas.
Shred documents containing member PHI.
Remembering that laptops contain sensitive information, we keep laptops with us at all times when out on sales calls.
We do not share your login or passwords with others.
Storage, retention, and disposal of enrollment applications:
We never leave completed enrollment applications unattended in an area they can be viewed by others (e.g., desk, vehicle, table or booth).
We never leave our laptops or hard copy documents in our car.
We do not put consumer or member information on a jump drive (or similar portable storage device).
We scan and/or store paper enrollment applications electronically for the purpose of uploading scanned documents into Online Enrollment Tools. During the retention period, enrollment applications are stored in a secure, locked area or encrypted computer.
We do not discuss member information in public spaces including restaurants without your approval.
We ensure that we take all documents containing member PHI with us when we leave sales activities.
Retention and Disposal of enrollment applications:
We retain the enrollment applications to verify receipt by the Enrollment Department.
Within three weeks of submission to plan, we shred paper enrollment applications.
Important note: our desktops or laptops may contain PHI, including but not limited, to a member’s HICN, social security number, date of birth, address and/or health condition(s). If our desktop/laptop is lost or stolen and it is not encrypted, the information contained on it could be obtained by a third party. This would be considered a privacy breach under federal and some state laws. This is why our computers are encrypted.
For your protection We:
Double check the email address, fax number, etc. to ensure the intended recipient receives the document.
Ask to schedule meetings in more nonpublic area, such as your home or our private office space.
Receive consent or inquire if there is a legal Power of Attorney (POA) before disclosing any information.
Report if our laptop (encrypted or unencrypted) has been lost or stolen.
Ensure our laptops, hard copy documents and/or other electronic devices are with us at all times.
Shred documents containing PHI.
Carry only necessary documents needed in a locked briefcase or folder.
For your protection We Do Not:
Send email, fax or hard copy documents containing information to someone other than the intended recipient.
Discuss PHI information in public settings, such as in a restaurant or an elevator without your permission.
Discuss PHI information with friends or family.
Assume that a lost or stolen laptop is not considered to be unauthorized or inappropriate disclosure.
Leave our laptop, hard copy documents and/or other electronic devices in our car.
Throw away hard copy documents in the trash.
Expose documents in an open common area, such as the front or backseat of the car.