• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Louisville: 555-555-555
  • Charlotte: 555-555-555
  • Why Partner
  • Our Expertise
  • Resources
  • Get Aligned
  • Broker Portal
Plan Advisors

Plan Advisors

Helping you choose the right health plan

  • Why Partner
  • Our Expertise
    • Meet Your Team
    • Success Stories
  • Resources
    • Blog
    • Care Initiative
    • MedicareCENTER
    • Medicare Marketing Support
    • Promotional Collateral
  • Let’s Talk
  • Broker Portal

HIPAA Requirements: Questions & Answers

May 12, 2014 by Lance Hoeltke

Questions and answers about HIPAA compliance and you!

This was a question from one of our clients this past week. They sell Medicare Advantage policies and, as a prerequisite to selling these policies, are required to go through AHIP’s marketing certification for MA policies. By going through this Medicare training and signing an agreement with the carrier, are they HIPAA compliant?

 

Sorry, no. Medicare Advantage training doesn’t make you HIPAA compliant.

 

AHIP Certification gets you ready to sell Medicare Advantage policies. The training is related to CMS’s marketing requirements for the types of policies you are going to sell. There is very little (if any) privacy and security training and policies and procedures creation that goes with AHIP.

 

But I agreed to adopt the Privacy and Security Policies that the MA carrier provided – Does that meet HIPAA requirements? Yes, those Policies do meet a portion of the requirements to be compliant with HIPAA Privacy and Security Rules. Almost every broker and agent takes the carriers template, signs off on the document, and promptly files it away – never to be seen again. This means that you have clearly stated that you are a business associate of your carrier and are responsible for maintaining compliance. But, just signing that you adopt their policies does not meet the HIPAA requirements. And you don’t know there is an issue until there is an issue.

 

How many out there actually went step-by-step through this agreement and really implemented a thorough HIPAA Compliance program? Not very many. In David Smith’s many years as a benefit consultant, he says, “90% of people haven’t done anything, and don’t realize the risks they are taking.” By signing this document from your carrier, you have take on a whole host of commitments that you need to be aware of.

 

One thing that stuck out when I looked at a Humana Privacy template (which I assume is pretty standard across all carriers) was they clearly state that you have to either purchase or implement your own training program on HIPAA. This is very important! Your employees are the weakest link in the proverbial chain. You can have the best encryption money can buy, and a mistake by a careless employee can ruin it all for you. HIPAA isn’t very clear as to how often you need to retrain your employees, but the best business practice is be proactive and retrain annually. You may have new hires, people forget things, etc.

 

Have you actually implemented HIPAA compliant Security standards? There have been some pretty significant changes with HIPAA as described in the 2013 Omnibus Ruling. Here are a few. All ePHI now must be encrypted in transit, at rest and in storage. Are you encrypting all emails that contain PHI? Are you encrypting your backups? Do you encrypt your computers? You need to have policies that clearly state these practices, and you have to implement them or, I’m sorry to say, you aren’t HIPAA compliant.

 

HIPAA should be at the top of everyone’s list these days. There have been some huge fines passed down from HHS. More importantly, in the insurance business, your reputation is something you’ve carefully cultivated. Your clients are your friends, sometimes they’re your

family, and nobody wants to make the phone call saying, “I sent your personal information to the wrong person; or my computer was stolen and your personal information was not encrypted like the government required me to do. As a result, you could be at risk for identity theft.” Who is going to invite you into their home to talk to them about their insurance options with this blight on your record? This can quickly destroy a business. HIPAA compliance isn’t fun, and can be a financial burden, but these regulations are here to protect you and your business. If you take advantage of the training and compliance that is out there, you are protecting your clients and your business… sounds much better than just satisfying a Federal Requirement, right?

Filed Under: CMS guidelines, Health Reform Bill, HIPAA, HIPAA compliance and training, Humana Insurance, Humana Medicare Agents, MAPD and PDP membership, Marketing Humana Medicare Plans, Medicare Beneficiaries, Medicare legislation, Service

Think "Plan Advisors first!"

Get aligned with Plan Advisors for access to these tools, resources, support, and more!

Let's Talk

Footer

STAY UP TO DATE

facebook instagram linkedIn YouTube


Florida Office
3625 NW 82nd Ave
Suite 100-F
Doral, FL 33166

CONTACT US

  • Phone: 502.228.1308
  • Fax: 502.470.5746
  • info@myplanadvisors.com
  • Serving all 50 states

  • Kentucky Office
    13040 Eastgate Park Way
    Suite 108
    Louisville, KY 40223

QUICK LINKS

  • Why Partner
  • Expertise
  • Resources
  • Talk to Plan Advisors
  • Broker Portal
  • Privacy Policy
  • Terms of Service

Copyright © 2023 · Website Design by The Marketing Squad

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
__cfduid1 monthThe cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement1 yearThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
CookieDurationDescription
YSCsessionThis cookies is set by Youtube and is used to track the views of embedded videos.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_ga2 yearsThis cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gcl_au3 monthsThis cookie is used by Google Analytics to understand user interaction with the website.
_gid1 dayThis cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
CookieDurationDescription
IDE1 year 24 daysUsed by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie15 minutesThis cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE5 months 27 daysThis cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
_gat_UA-67564884-11 minuteNo description
CONSENT16 years 9 months 23 days 9 hours 2 minutesNo description
SAVE & ACCEPT
Powered by CookieYes Logo