This guest blog post was written by Cheryl Perez, President of BIG-HR & Chief Impact Officer for Cheryl C Perez Enterprises. With nearly 20 years of experience in the employee benefits and HR fields, Cheryl has led her firm to be the largest African American female-owned HR consulting and compliance firm in Northeast Ohio. This blog post was originally published on BIG-HR's blog and republished here with their permission.
Being an insurance agency has lots of moving parts.
I mean getting licensed, staying licensed, doing continuing education credits, training, knowing products that change day in and day out, as well as keeping track of all your carriers and representatives…it's exhausting! Not to mention the fact that every single client that you have expects you to remember every single detail about them and all their employees and policies. That's why having an agency management system (AMS) is so important just so that you can focus on providing the quality service and tracking the necessary information consistently. But there's one more wrench to throw into this scenario. Having an agency management system is also critical to staying in compliance with HIPAA. That's right… you are the keeper of all things PII and you have access to all kinds of PHI, so where are you keeping this information? Are you in compliance with HIPAA?
Maintaining safety for all the documentation that you received day in and day out as an insurance agency is critical and should be a part of your basic business planning. I know folks who keep all their paper documents & files in unlocked file cabinets! Or even worse on/in someone's desk! How about those agencies that keep everything on the Google drive or inside of a drop box? It's scary to think about where some of our important policy applications, health information, and client personal identifying information (PII) is being kept these days. If you aren't making sure that the systems and processes that you are using is protecting that information, then you are subjecting yourself to some major liabilities. You may ask, “Cheryl how do I do this? How do I ensure that my staff and I are doing the right thing when it comes to maintaining client sensitive information?”
Well, the first step is making sure that you have a PII policy in place and that your team and staff have been trained on what that policy is. That policy needs to contain specific instructions from you, as well as the process and steps that are taken if there ever is a breach. Most importantly, you must begin by ensuring that the location and/or system in which you keep all that information meets HIPAA guidelines and standards. It must ensure the protection of all the information it contains. For instance, if you've got all types of paper documents in your file cabinet, technically that file cabinet should be locked and only some people should have access to the information in that file cabinet. If it's in someone's desk, that desk should be locked, and nothing should ever be left on copiers, fax machines, or on top of desks. If you are capturing and maintaining the data electronically you must make sure that the system you're using has encryption and meets HIPAA standards. For instance, a Google drive is not compliant! A drop box is not compliant! On the other hand, an AMS like AgencyBloc IS COMPLIANT, and it's a perfect scenario because it has all the space to maintain the data. So, if you are not set up, get set up ...unless you want all the heartache that could come along with a breech due to carelessness and intent.
Get FREE tools and insights from AgencyBloc delivered directly to your inbox.