Health insurance agents became covered under HIPAA with the HITECH Act of 2009.
The inclusion of insurance agents was a response to the increasing use of electronic health records and the need to safeguard patients’ medical information. Besides the moral and ethical obligation to protect American PHI, here are three reasons in favor of having a strong HIPAA compliance plan- beyond just annual training.
1. Reputation: HIPAA violations can result in negative publicity, which can damage an insurance agent’s reputation and business. By being HIPAA compliant, insurance agents can mitigate the risk of negative publicity and protect their reputation.
2. Avoiding Legal Repercussions: HIPAA violations can result in significant penalties, including fines and legal action. By being HIPAA compliant, insurance agents can avoid these consequences and the associated costs.
3. Competitive Advantage: HIPAA compliance can be a differentiator for insurance agents. By marketing themselves as HIPAA compliant, insurance agents can attract clients who are concerned about the privacy and security of their PHI. This can result in a competitive advantage over other insurance agents who do not prioritize HIPAA compliance.
Examples of Breaches
In 2022, an insurance agent in Illinois was fined $25,000 by the Department of Health and Human Services’ Office for Civil Rights (OCR) for disclosing a client’s PHI to an unauthorized individual. The agent also failed to implement policies and procedures to safeguard PHI, which is a violation of HIPAA regulations.
source: https://www.hhs.gov/about/news/2022/01/31/illinois-insurance-agent-settles-hipaa-charges-for-disclosing-patient-protected-health-information.html)
In 2021, a Tennessee-based insurance agency agreed to pay $45,000 to the OCR for multiple HIPAA violations. The agency failed to conduct a risk analysis, implement risk management plans, and implement policies and procedures to safeguard PHI.
source: https://www.hhs.gov/about/news/2021/07/13/hhs-settles-case-against-tennessee-based-health-insurance-agency-for-potential-hipaa-violations.html)
In 2021, an insurance agency in Michigan was fined $150,000 for multiple HIPAA violations, including failing to conduct a risk analysis, implement policies and procedures to safeguard PHI, and providing unauthorized access to PHI to a third party.
source: https://www.hhs.gov/about/news/2021/08/23/hhs-ocr-settles-case-with-michigan-insurance-agency-over-multiple-hipaa-violations.html)
In 2021, a health insurance broker in Massachusetts was fined $15,000 for disclosing a client’s PHI to an unauthorized individual. The broker also failed to implement policies and procedures to safeguard PHI, which is a violation of HIPAA regulations.
source: https://www.hhs.gov/about/news/2021/06/22/massachusetts-health-insurance-broker-settles-potential-hipaa-violations.html)
It is important to note that these examples are intended to demonstrate the potential consequences of HIPAA violations and are not meant to imply guilt or innocence on the part of the individuals or organizations involved.
If you’re an insurance agent looking to ensure that you are HIPAA compliant, don’t hesitate to reach out to us. We can help you understand the regulations, assess your current compliance status, and provide expert guidance to ensure that you are protecting your clients’ sensitive information. Contact us today to schedule a conversation with Bethany and take steps towards HIPAA compliance.