Phase 2 HIPAA Audits and What They Mean For Agents

By Todd Sexton

Insurance Carriers and their business associates (including insurance agents) are being targeted by the OCR for phase 2 HIPAA audits. These audits began in March 2016 and specifically address organizational policies, procedures and documentation for data security. Most notably the privacy, security and data breach notifications in place in the case of an information breach.

What does this mean for insurance agents?

Ultimately, you now need evidence of your safeguards for protected health information (PHI).

Phase 2 Audits are initiated with a required response questionnaire that targets receive in the mail. The questionnaire must be returned within 14 days of receipt and if any major violations are found, targets progress to Phase 3 scrutiny.

What does this mean for insurance agents?

If a significant violation is determined in Phase 3 the target could face fines ranging from $100 - $50,000. If you receive an audit request before becoming compliant it will most likely be too late to adjust, leaving you vulnerable to the possibility of large fines and reputational harm.

Next Steps:

• Develop your plan for HIPAA compliance. Try using these 8 easy tips!
• Implement and document your compliance plan, stay tuned for more on this topic.
• CEO? Find out your responsibilities for data breach, here.

Compliance Tools for NAPA Members:

• InfoSafe^® – Complete Compliance and Certification program designed for small business and independent contractors; HIPAA, GLBA, Red Flag Rules, State Laws and more.
• Delivery Trust – A complete product that provides user-friendly secure email encryption and a legally binding end-to-end e-signature solution, available individually or as an affordable package.
• Cyber Liability Insurance – Provides expert response to handle the process of a data breach including legal costs and forensic analysis, customer notifications, public relations and payment of damages.