Archive for the ‘brokers’ category

Remember Those Pesky Carrier BA Agreements? HHS Just Affirmed Your Liability for Them!

July 12, 2010

In February we started a post with this quote on BA agreements:

“This means a business associate will violate the law, not just his business associate contract, if it fails to meet these requirements” – Priority Health letter to all BA’s.

I hate to be right but last week OCR/HHS reaffirmed this and the role and legal responsibilities of BA’s like brokers with total clarity:

“We expect that most business associates make a good-faith effort to follow the terms of their contracts and comply with current security and privacy standards.”

“For those business associates that have not already adopted HIPAA-compliant privacy and security standards for protected health information, the risk of criminal and/or civil monetary penalties may spur them to increase their efforts to comply with the privacy and security standards.”

This is the fourth post on this subject and clicking here will take you to the relevant paragraphs from numerous carrier BA agreements and how they relate to you as a broker or other type of BA.

Some require a signature, many are simply being done unilaterally by the carriers and some are online. Either way they all state the obvious specifically and clearly, and HHS has reinforced all of this as well:

  • You are a BA
  • You are subject to the HIPAA / HITECH privacy and security regs
  • You are now subject to breach reporting and penalties for violations just like the carriers are

And all of this should have been in place no later than 2/17/2010.

HHS also said last week:

“Regardless of the reason, to avoid the risk of the far more serious penalties in this proposed rule, we expect that business associates and subcontractors that have been lax in their complying with the privacy and security standards may now take steps to enhance their security procedures and strengthen their policies for protecting the privacy of the protected health information under their control.”

Trying to feign ignorance will not work:

“Moreover, a covered entity or business associate cannot assert an affirmative defense associated with its “lack of knowledge” if such lack of knowledge has resulted from its failure to inform itself about compliance obligations or to investigate received complaints or other information indicating likely noncompliance.”

And you are on the hook for your staff and subcontractors as well:

“A business associate is liable, in accordance with the federal common law of agency, for a civil money penalty for a violation based on the act or omission of any agent of the business associate, including a workforce member or subcontractor, acting within the scope of the agency.”

Need help? We have helped dozens of brokers nationwide already.

Click here if you need help getting your house in order for HIPAA / HITECH. We have a turnkey solution for you for both encryption and your policies and procedures.


Brokers – Wake Up! What the Gulf Oil Spill Should Have Taught You on HITECH Compliance

May 7, 2010

The entire reason that we have the gulf spill at all is because BP cut corners and was too cheap to install a $500,000 valve, used in many other countries, that would have allowed the well to be shut off immediately. So for being so cheap they will ultimately end up spending north of $10 Billion besides destroying the coastal ecology in the gulf states. They also were totally unprepared for a disaster and the bad PR has been devastating on BP. Again for lack of planning. They never thought it would happen and this is a company with profits of over $13 Billion in the first quarter alone.

So why is it that nearly 3 months after the HIPAA HITECH deadline my guess is that 90%+ of all of you who read this are not compliant with the new HITECH law? You face penalties for breaches in the millions of dollars, and for any broker a single breach and the publicity associated with it will destroy your company and your livelihood.

BP will go on regardless; you will be out of business. They can be negligent in their risk management, but as an insurance professional you know better. It is the way you make your living, helping clients manage risk.

The first firms I worked with this year all had their owners involved in protecting their businesses. Now many brokers seem to have delegated figuring this all out to a lower-level staff or service person with no financial skin in the game and no background in either business or compliance, or, in the case of email encryption, to their outsourced IT person, most of whom have no idea what email encryption is.

In essence, by not acting in a timely fashion and by delegating compliance to your staff and outsourced IT person, you have put yourself, your family, your firm’s equity value and your entire reputation at enormous risk.

Frankly inaction, or a lot of what I see that goes for action is just plain dumb. Do you really think that a major breach of PHI will not or cannot happen to your organization? Please!

For what?? Trying to save a few bucks? Denying that the law applies to you? Trying to plead ignorance? Claiming to be too busy?

In reality you can easily make your firm completely compliant with this “HITECH For Dummies” guide and these easy steps:

  1. A Risk Assessment
  2. Policies and Procedures
  3. Breach/Disaster management plan
  4. Email Encryption

1, 2 & 3 can be done for $1000-$3000 max. All of this can be done in 4-6 weeks with a couple hours work a week by your firm. That is all. Compliance Helper does this every day for BA’s and CE’s.

Getting the best and easiest to use encryption solution in the industry will cost you about $.60/user per day. That is right, 2 quarters and a dime a day per user. That is why we created the RadarMail 360 Suite. Regardless of your firm’s size you all have the same compliance needs, and we have a solution for solo agents to the largest local, regional and national firms.

Cost is clearly not the reason that your organization is not compliant. HHS views inaction as “willful neglect” and that maximizes any penalties for your firm’s lack of compliance and breaches.

Two weeks ago none of us thought that the Gulf Shore of the United States was in imminent peril from offshore oil. Now we know better and should have all along.

You have had a warning here for your business. Are you going to heed it and act to protect your business? Or pretend that you will never have any issues and never be audited by HHS or your state Attorney General and never be fined for a law that you know you have to comply with?

So what will 2 weeks from now look like for your firm when you are non compliant?

Broker Website Ratings Updated for 2010

May 6, 2010

One of the most popular features on the Industry Radar is our Broker Website Ratings which drew nearly 25,000 page views last year alone.

The survey debuted last year with around 400 firms rated. This year we reviewed nearly double – 775 – and the results are quite interesting.

You can see our rating criteria here.

Ratings are from 1 to 4:

  1. Billboard – 129 firms (17%) – plain, basic, little to no marketing value
  2. Brochureware – 353 firms (46%) – either an online brochure or design is “old” or poorly executed with limited marketing value
  3. Basic Website – 252 firms (32%) – design is OK, some content, mostly focused on telling firm’s story
  4. Marketing Site – 42 firms (5%) – Creative, visually appealing, online tools, good content

The baseline for a good site, a “3”, only applies to about a third of all brokerage firms; half are “2” and overall 63% are either a “1” or a “2”.

In 2009 the percentages were 7%/53%/34%/6%. Not a lot of difference for the 2-4’s, but as we extended our survey to include smaller firms, i.e., those under $2 million in revenue, NFP, UBA and HRBA members and others, the lack of marketing savvy became more apparent, with the “1” rankings more than doubling.

One area where there was a big improvement was in firms that could be found when googling “employee benefits their city, their state”. Last year only 30 were found in the Top 10 in their market, now 246 are, a huge jump helped though to a large degree by the fact that if we found firms in the top 10 in our research that had a website, we added them to our survey.

The fact that we created our webpages and they got nearly 25,000 hits also helped boost the visibility of brokers in general.

Check out this year’s results. How did your firm fare? Has your work over the last year paid off, or are you still in the dark ages and viewing your website as not an important component of how prospects and customers view your organization?

We will be blogging more on this over the next week, but if you are a “1” or “2” you really need to think about your firm’s image online, because prospects and customers use the web as a way to research and “pre shop” for help, and if your site isn’t up to snuff you are losing potential business.

In fact our broker website ranking page drew nearly 25,000 page views in the last year from people googling specific firm names, or looking for brokers and ratings in a given geography. So do you still think that your website is not important to your business?

PS – if you would like to be rated or have updated your site since we did our review and would like us to update it please email us here.

The PHI Magic 18 for HIPAA HITECH

April 27, 2010

One question that keeps coming up in our webinars is what exactly defines PHI. There are 18 elements that individually, in concert or if they can be related to other information define protected personal information.

Here is a quick list. The details are here from our good friend the “Privacy Professor”, Rebecca Herold.

(1) Names

(2) All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census:

(a) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and

(b) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.

(3) All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;

(4) Telephone numbers;

(5) Fax numbers;

(6) Electronic mail addresses;

(7) Social security numbers;

(8) Medical record numbers;

(9) Health plan beneficiary numbers;

(10) Account numbers;

(11) Certificate/license numbers;

(12) Vehicle identifiers and serial numbers, including license plate numbers;

(13) Device identifiers and serial numbers;

(14) Web Universal Resource Locators (URLs);

(15) Internet Protocol (IP) address numbers;

(16) Biometric identifiers, including finger and voice prints;

(17) Full face photographic images and any comparable images; and

(18) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this section; and

(ii) The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information
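
Items (2) and (3) are the only two of the 18 that let you keep part of the data instead of removing it outright. The sketch below is an added example, not part of the original post or of any vendor tool mentioned here; it applies those two rules to a record. The record field names, the sample people and the low-population ZIP prefix set are all constructed for illustration.

```python
from datetime import date

# Constructed sample set for illustration only. The real set of 3-digit ZIP
# prefixes covering 20,000 or fewer people must come from current Census data.
LOW_POPULATION_ZIP3 = {"036", "059"}

def generalize_zip(zip_code, low_pop=LOW_POPULATION_ZIP3):
    """Item (2): keep the first three digits, or 000 for small areas."""
    digits = "".join(ch for ch in zip_code if ch.isdigit())
    if len(digits) not in (5, 9):
        raise ValueError(f"not a ZIP or ZIP+4 code: {zip_code!r}")
    prefix = digits[:3]
    return "000" if prefix in low_pop else prefix

def age_on(birth, as_of):
    """Whole years between birth and as_of."""
    had_birthday = (as_of.month, as_of.day) >= (birth.month, birth.day)
    return as_of.year - birth.year - (0 if had_birthday else 1)

def generalize(record, as_of):
    """Apply items (2) and (3) to one record; direct identifiers are dropped."""
    age = age_on(record["birth_date"], as_of)
    over_89 = age > 89
    return {
        "zip3": generalize_zip(record["zip"]),
        # Ages over 89 collapse into a single "90+" category.
        "age": "90+" if over_89 else str(age),
        # A birth year that reveals an age over 89 must go as well.
        "birth_year": None if over_89 else record["birth_date"].year,
        # Other dates keep the year only.
        "admission_year": record["admission_date"].year,
    }

# Constructed sample records (not real people).
SAMPLE = [
    {"name": "Pat Example", "zip": "90210", "birth_date": date(1970, 6, 15),
     "admission_date": date(2010, 3, 9)},
    {"name": "Lee Sample", "zip": "03601-1234", "birth_date": date(1915, 3, 2),
     "admission_date": date(2010, 1, 20)},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(generalize(rec, as_of=date(2010, 4, 27)))
```

The output never contains the name or the full dates, which is the point: the other 16 items have no partial form and are simply left out.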

PPACA in 5 Minutes – Overview Video

April 22, 2010

Click the image for a great concise 5 minute overview of the law and its impact in 2010/2011 from my old UNUM colleague David Cleary.

It’s PPACA…Not Alpaca

April 21, 2010

We thought we might try and make the confusing topic of healthcare reform – formally known as “Patient Protection and Affordable Care Act” – or PPACA for short – a little more fun.

Introducing ppacaradar.com as your one resource for the best content on the web for researching and understanding this important new legislation.

In fact the webmaster for the website is PPACA the Alpaca, a gentle and patient creature, as all alpacas are, whose job it is to patiently find the best resources and ultimately answer your questions without any political or emotional agenda.

We will be creating a master FAQ database culled from sources we find online with links to them for you as well.

Visit frequently as content is updated daily.

PPACA welcomes content suggestions, questions and helpful ideas so please email him at ppaca@theindustryradar.com.

We hope you find this site useful in navigating the brave new world of healthcare.

Healthcare Reform Radar Launched as One Stop for Help

April 20, 2010

Whether you like it or not – and there is plenty not to like (as well as to like) and yet to be defined – the health reform bill – PPACA – is the law of the land. Yes it is big and confusing, but not as much as one might think when experts, like the ones behind the links we provide, put their minds to the task.

I know many of you, especially brokers, have been busy answering questions for clients and putting on education sessions, so the Industry Radar decided to create a special section to help.

We have looked at over 200 websites from brokers, carriers, media, consultants and more to put together our overview and links for you.

We have summarized the law by five major areas for you in a timeline and the links at the top of each page were the best resources we found – the ones in bold being the most useful. There are web links, PDFs, on demand webinars, slide decks and more for you to access for your research.

Where did we find the least resources? Amazingly – or maybe not so – the health plans’ sites were worthless in terms of the information on their sites. The five links you see are all that we could find for 100 or so national, BCBS and regional plans we follow. The industry media was even less useful, just as they had been with HIPAA HITECH. Literally nothing to use on any site but Business Insurance. The mainstream media had numerous quality sources led by CNN and CBS.

Most helpful, as usual, were brokers of many sizes. Gallagher, Willis, Buck, Segal/Sibson, Trion, Precept were among the better sites as well as Benico from Huntley, Il. John Garven, a mid sized broker and long time student of the industry, has a great resource center and a great website in general.

Of the 100 websites we looked at from the Top 100 BI list of brokers, under a third had any specific information readily visible, and many simply had links to third party sources, which has value at least.

If you would like us to include your site and any of its resources here or have any other good links email me and we will look at them.

PS – To their credit at least today UHC and Wellpoint announced that they will extend coverage to those <26 immediately, even though the law for that doesn’t go into effect until 9/23/2010. Bravo to them for showing leadership on a provision that can cover as many as 6 million of our children at little real cost, acting in the spirit of reform. A very nice gesture.