CMS Indicdent and Breach Notification
Recently, I completed the 2017 Marketplace training to help my staff understand questions they might get from insurance professionals and their clients. The last section of the training was on the responsibilities agents/brokers must adhere to regarding protecting and handling of personal identifiable information (PII). My guess is many simply clicked through these slide to quickly get the training over without realizing the implications.
By signing and agreement with the Federal Government, Centers for Medicare & Medicaid Services (CMS) you agreed to not only protecting PII from improper disclosure, you indicated that you would document how you handle PII. Specifically, on page 19 of the agreement under Safeguarding PII, you agreed to “establish and implement operational, technical, administrative and physical safeguards”. In addition, you agreed to have written procedures for incident handling and breach notification.
By not having these safeguards and notifications in place you are subjecting your agency to multiple fines. As insurance professionals, you insure your clients against risk. Insure you agency against CMS fines with PII policy and procedures. Contact us to learn more.