Compliance

Data Encryption Policy

Policy Statement

All insurance agents that are contracted with Premier Companies are required to employ encryption solutions to preserve the confidentiality and integrity of, and control accessibility to, customer data classified as “Protected Health Information (PHI)” where this data is processed, stored or transmitted.

Q: Why is encryption required?

A: Your desktop/laptop may contain Protected Health Information including but not limited to member HICN, social security number, date of birth, address and health conditions. If your desktop/laptop is lost or stolen and it is not encrypted, the information contained on it could be obtained by a third party. This would be considered a privacy breach under federal and some state laws.

Q: My computer is password-protected. Isn’t this the same as encryption?

A: No. Although password protection is important, it does not render the information on your desktop/laptop unreadable.

Q: Where can I go to get general information about encryption?

A: The National Institute of Standards and Technology (NIST) is a technology agency under the U.S. Department of Commerce. They have published a guide on their website documenting their recommendations on full-disk encryption for end user devices, such as laptops and desktops.

Q: Who can help encrypt my desktop/laptop?

A: Premier Companies, Inc. recommends contacting your local electronics retailer and asking them for full-disk encryption options which are compatible with your hardware and software. An alternative is reaching out to a reputable security company, such as McAfee or Symantec, for assistance in purchasing a compatible full-disk encryption solution.

Q: Will Premier Companies make any specific recommendations on what solutions I should use?

A: Premier Companies, Inc. does not recommend or support any specific product. However, some commonly known solutions include:

  • Symantec Endpoint Encryption – Boot Disk Encryption
  • BitLocker – Boot Disk Encryption
  • PGP Desktop – Boot Disk Encryption, Email Encryption
  • TrueCrypt – Boot Disk Encryption
  • PGP Whole Disk Encryption – Full Disk Encryption

Below is a list of recommended features and functionality the full-disk encryption solution should offer:

  • Full-disk encryption (user data, operating system, temporary files, erased files)
  • AES 256-bit encryption
  • Pre-boot authentication

Q: What happens if I am responsible for the unauthorized dissemination of a customer’s PHI?

A: You may be subject to penalties imposed by federal law of up to $1 million per incident.

Compliance Contact

Gunnar Qualset

Compliance Director

[email protected]
800-365-8208 ext. 12303

Compliance Concerns?

If you have any compliance concerns, contact Premier’s Compliance Department at [email protected].

Handling sensitive member or consumer information

DO:

Double check the email address, fax number, etc. to ensure the intended recipient receives the document

Schedule a meeting in a more private area, such as their home or your private office space

Report if your laptop (encrypted or unencrypted) has been lost or stolen

Ensure your laptop, hard copy documents and/or other electronic devices are with you at all times

Shred documents containing PHI

Carry the necessary documents needed in a locked briefcase or folder

DON’T:

Send an email, fax or hard copy document containing information to someone other than the intended recipient

Discuss information in public settings, such as in a restaurant or an elevator

Assume that your lost or stolen laptop is not considered to be an unauthorized/inappropriate disclosure

Leave your laptop, hard copy documents and/or other electronic devices in your car

Throw away hard copy documents in the trash

Expose documents in an open common area, such as the front or backseat of the car