Data Encryption Policy
All insuranace agents that are contracted with Premier Companies are required to employ encryption solutions to preserve the confidentiality and integrity of, and control accessibility to, customer data classified as “Protected Health Information (PHI)” where this data is processed, stored or transmitted.
Q: Why is encryption required?
A: Your desktop/laptop may contain Protected Health Information including but not limited to member HICN, social security number, date of birth, address and health conditions. If your desktop/laptop is lost or stolen and it is not encrypted the information contained on the laptop could be obtained by a third party. This would be considered a privacy breach under federal and some state laws.
Q: My computer is password-protected. Isn’t this the same as encryption?
A: No, although password protection is important, it does not render the information on your desktop/laptop as unreadable.
Q: Where can I go to get general information about encryption?
A: The National Institute of Standards and Technology (NIST) is a technology agency under the U.S. Department of Commerce. They have published a guide on their website documenting their recommendations on full-disk encryption for end user devices, such as laptops and desktops.
Q: Who can help encrypt my desktop/laptop?
A: Premier Companies, Inc. recommends contacting your local electronics retailer and asking them for full-disk encryption options which are compatible with your hardware and software. An alternative is reaching out to a reputable security company, such as McAfee or Symantec, for assistance in purchasing a compatible full-disk encryption solution.
Q: Will Premier Companies make any specific recommendations on what solutions I should use?
A: Premier Companies, Inc. does not recommend or support any specific product. However, some commonly known solutions include:
- Symantec Endpoint Encryption – Boot Disk Encryption
- Bitlocker – Boot Disk Encryption
- PGP Desktop – Boot Disk Encryption, Email Encryption
- TrueCrypt – Boot Disk Encryption
- PGP Whole Disk Encryption – Full Disk Encryption
Below is a list of recommended features and functionality the full-disk encryption solution should offer:
- Full-disk encryption (user data, operating system, temporary files, erased files)
- AES-256 bit encryption
- Pre-boot authentication
Q: What happens if I am responsible for the unauthorized dissemination of a customer’s PHI?
A: You may be subject to penalties imposed by federal law up to $1Million per incident.
800-365-8208 ext. 12303
If you have any compliance concerns, contact Premier’s Compliance Department at firstname.lastname@example.org.
Handling sensitive member or consumer information
Double check the email address, fax number, etc. to ensure the intended recipient receives the document
Schedule a meeting in a more non-public area, such as their home or your private office space
Report if your laptop (encrypted or unencrypted) has been lost or stolen
Ensure your laptop, hard copy documents and/or other electronic devices are with you at all times
Shred documents containing PHI
Carry the necessary documents needed in a locked briefcase or folder
Discuss information in public settings, such as in a restaurant or an elevator
Assume that your lost or stolen laptop is not considered to be unauthorized/inappropriate disclosure
Leave your laptop, hard copy documents and/or other electronic devices in your car
Throw away hard copy documents in the trash
Expose documents in an open common area, such as the front or backseat of the car