protecting client information should be important priority
for agents and brokers
New ACT Report Outlines Recommendations for Privacy Policies
ALEXANDRIA, Va., Dec. 7—As Americans become increasingly concerned about the privacy of their health and personal information, independent insurance agents and brokers must make safeguarding private client information a specific focus within their businesses, according to Safeguarding Non-Public Personal Information, a new report from the Agents Council for Technology (ACT).
ACT is a partnership of independent agents, companies, technology vendors, user groups and associations dedicated to assisting agents in the use of effective policies, workflows and technologies. The new privacy laws and regulations, such as HIPAA (Health Insurance Portability and Accountability Act), Gramm-Leach-Bliley, and the Fair Credit Reporting Act, as well as a growing number of state laws, may require adjustments in each of these areas of agency operations for many agencies.
“Independent agents and brokers need to be aware as to how these relatively new laws and regulations impact them,” says Jeff Yates, ACT executive director. “Many agencies may need to heighten the awareness of their staffs regarding these requirements and take pro-active actions on several fronts to comply with these new privacy requirements to protect themselves from the potential of incurring significant penalties and liability which may not be covered by insurance.”
“ACT has developed a report to familiarize agents and brokers with these privacy issues and to get them started with a compliance plan,” says Chris Ball, a principal of InSource, Inc., in Miami, Fla., and chairman of the ACT work group that developed the report. “We have implemented a multi-faceted compliance strategy in our agency to fulfill the various legal requirements we faced and to heighten the protection of our clients’ and employees’ personal information in this increasingly electronic world where our systems are connected to the outside world through the Internet.”
Ball points out that if an agency were to be audited by a government entity regarding a possible HIPAA or other privacy violation, the government will want to see that the agency has, to the extent required by applicable laws, acted to protect the privacy of personal information by adopting appropriate policies and procedures; restricted access to only those employees who need to see the information; trained the agency’s employees in these policies and procedures; audited compliance and corrected instances of non-compliance; and documented all of these steps.
To provide guidance on crafting policies that comply with privacy laws and regulations, the report outlines some key principles independent agents and brokers should consider implementing, such as:
- Developing an overall policy designed to comply with various privacy laws rather than trying to adopt multiple policies based upon the requirements of each law.
- Appointing a privacy offer who has a good knowledge of overall agency operations and charging that individual with developing a detailed understanding of the various privacy laws.
- Appointing a security officer to oversee the agency’s security policies and procedures to protect the agency’s information from both external and internal threats— whether the information is in electronic or paper form, or conveyed orally.
- Limiting access to non-public personal information and individually identifiable medical information to only those employees who have a need to see it.
- Auditing and documenting the implementation of privacy policies and procedures as a way to measure a privacy policy’s success and to provide an audit trail.
In addition to the key principles, the report also addresses how HIPAA and other privacy issues typically come into play within independent agencies and brokers with regard to the health and other private information of both clients and agency employees. The report contains a sample “HIPAA Employee Compliance Training Memo,” which provides a starting point for agencies to develop their own memo to heighten their employees’ awareness of needed HIPAA policies and safeguards. The report also provides a checklist of some of the security issues agencies need to take into account to safeguard their client information from both internal and external threats.
The new ACT report is linked to the companion publication “ACT HIPAA and Privacy Supplement” which goes into greater depth on several of these issues. The supplement contains sample workflows for an employee benefits department in order to highlight the procedures that may be impacted by the new HIPAA rule. The supplement also includes a comprehensive legal memorandum on the new HIPAA rule called “Frequently Asked Questions and Answers” that was developed specifically for independent agencies and brokers by Independent Insurance Agents & Brokers of America (IIABA).
To download Safeguarding Non-Public Personal Information, please visit www.independentagent.com/act and go to the “Technology Reports” section. For more information on ACT, please contact Jeff Yates at (800) 221-7917 or jeff.yates@iiaba.net.
Established in 1999 by IIABA, ACT provides a candid, action-oriented forum for agent and industry associations, user groups, companies and vendors to address critical technology and workflow issues facing the independent agency system.
Founded in 1896, IIABA is the nation’s oldest and largest national association of independent insurance agents and brokers, representing a network of more than 300,000 agents, brokers and their employees nationally. Its members are businesses that offer customers a choice of policies from a variety of insurance companies. Independent agents and brokers offer all lines of insurance—property, casualty, life, and health—as well as employee benefit plans and retirement products. Web address: www.independentagent.com.
###