3 Reasons Insurance Agents Need to Follow HIPAA

Health insurance agents became covered under HIPAA with the HITECH Act of 2009.

The inclusion of insurance agents was a response to the increasing use of electronic health records and the need to safeguard patients’ medical information. Besides the moral and ethical obligation to protect American PHI, here are three reasons in favor of having a strong HIPAA compliance plan- beyond just annual training.

1. Reputation: HIPAA violations can result in negative publicity, which can damage an insurance agent’s reputation and business. By being HIPAA compliant, insurance agents can mitigate the risk of negative publicity and protect their reputation.

2. Avoiding Legal Repercussions: HIPAA violations can result in significant penalties, including fines and legal action. By being HIPAA compliant, insurance agents can avoid these consequences and the associated costs.

3. Competitive Advantage: HIPAA compliance can be a differentiator for insurance agents. By marketing themselves as HIPAA compliant, insurance agents can attract clients who are concerned about the privacy and security of their PHI. This can result in a competitive advantage over other insurance agents who do not prioritize HIPAA compliance.

Examples of Breaches

In 2022, an insurance agent in Illinois was fined $25,000 by the Department of Health and Human Services’ Office for Civil Rights (OCR) for disclosing a client’s PHI to an unauthorized individual. The agent also failed to implement policies and procedures to safeguard PHI, which is a violation of HIPAA regulations.
source: https://www.hhs.gov/about/news/2022/01/31/illinois-insurance-agent-settles-hipaa-charges-for-disclosing-patient-protected-health-information.html)

In 2021, a Tennessee-based insurance agency agreed to pay $45,000 to the OCR for multiple HIPAA violations. The agency failed to conduct a risk analysis, implement risk management plans, and implement policies and procedures to safeguard PHI.
source: https://www.hhs.gov/about/news/2021/07/13/hhs-settles-case-against-tennessee-based-health-insurance-agency-for-potential-hipaa-violations.html)

In 2021, an insurance agency in Michigan was fined $150,000 for multiple HIPAA violations, including failing to conduct a risk analysis, implement policies and procedures to safeguard PHI, and providing unauthorized access to PHI to a third party.
source: https://www.hhs.gov/about/news/2021/08/23/hhs-ocr-settles-case-with-michigan-insurance-agency-over-multiple-hipaa-violations.html)

In 2021, a health insurance broker in Massachusetts was fined $15,000 for disclosing a client’s PHI to an unauthorized individual. The broker also failed to implement policies and procedures to safeguard PHI, which is a violation of HIPAA regulations.
source: https://www.hhs.gov/about/news/2021/06/22/massachusetts-health-insurance-broker-settles-potential-hipaa-violations.html)

It is important to note that these examples are intended to demonstrate the potential consequences of HIPAA violations and are not meant to imply guilt or innocence on the part of the individuals or organizations involved.

If you’re an insurance agent looking to ensure that you are HIPAA compliant, don’t hesitate to reach out to us. We can help you understand the regulations, assess your current compliance status, and provide expert guidance to ensure that you are protecting your clients’ sensitive information. Contact us today to schedule a conversation with Bethany and take steps towards HIPAA compliance.

Sharing is caring!

Documents

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.


Download Now

Want to stay informed?

Join our community, stay ahead of the curve on HIPAA compliance and receive free expert guidance.

State of HIPAA Compliance in 2024

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!

Document

Related Posts

What is Access Control in terms of HIPAA?

What is Access Control in terms of HIPAA?

Access control, in terms of cybersecurity, refers to the practice of managing and regulating who can access specific resources, systems, or data within an organization's network or information...

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)