Benefits administrator blog from Delta Dental

Tag: data security

How to respect enrollee (data) privacy

2-minute read

According to a recent survey, 90% of people worry about their data privacy, yet most feel powerless to protect it. We don’t want you to feel this way when it comes to your enrollees’ data. While Delta Dental has cyber risk experts and safeguards in place to keep enrollee data secure when we’re handling it — including personally identifiable information (PII) and protected health information (PHI) — you can take some simple steps to keep enrollee data private when it’s in your hands too.

We asked some of our cyber risk specialists for their top tips to help you safeguard private enrollee data.

Keep (and share) only what’s needed
The more private enrollee data you have, the bigger the risk. If the data has already served its purpose and there isn’t an operational or legal need for it, it’s best to destroy it. The same principal applies when sharing sensitive information — send the minimum amount needed to get the job done.

Slow down, and check before you send
Before you transmit any private enrollee data, double check that you’re sending the correct information to the correct recipient. This may sound like common sense, but one of the most common types of privacy incidents is sending sensitive data to the wrong person — electronically or via snail mail. Be sure that you have the most current enrollee addresses, and always update any necessary partners who may also need them (like us!).

Build a strong virtual defense
Password protection is a key player, but it’s just one part of the privacy defense. Using a VPN for remote access, maintaining strong firewalls and conducting regular vulnerability scans are also crucial to data privacy. If you’re sending any sensitive data through email, be sure to do so safely, such as through secure file transfer processes (SFTPs). And don’t forget about that data when it’s not in transit — using encryption for data at rest adds an extra layer of defense. (Pro-tip: Never store private, sensitive data in your email.)  

Empower yourself and your team
Data privacy can seem overwhelming without the right training. Cyber risks are always evolving, like phishing scams that have gotten so advanced, it’s difficult for most people to spot a fake. That’s why it’s so important for anyone who handles PII or PHI to receive regular training to identify threats and keep enrollee private data safe.    

Want more tips like these? Subscribe to Word of Mouth, our newsletter for benefits administrators, human resources professionals and businesses.

Are you a broker, agent or consultant? Subscribe to Insider Update, our newsletter for benefits producers.

Fear and comfort: Why businesses should care about data security

As technology advances and we make more and more personal information vulnerable to cyber breaches, it’s difficult not to feel fear or anxiety about cyber security. According to the FBI’s Internet Crime Complaint Center, the FBI receives an average of 284,000 complaints each year of cybercrimes ranging from identity theft to phishing scams.

When businesses are on the line, the stakes are high. But that doesn’t mean you can’t find peace of mind when conducting business with other organizations. To find some comfort, ensure you are asking the right questions before you trust your information with a third party, including software vendors, hosting service providers and even insurers. As an insurer, Delta Dental handles both personally identifiable information (PII) and personal health information (PHI), so we take cybersecurity extremely seriously.

To point you in the right direction, we asked our security experts on staff to list some categories and questions to begin. Here are some of their suggestions.

Questions about baseline security considerations

  • What policies does your organization have in place to safeguard information?
  • How often do organizations review and update their security posture?
  • What measures has the organization taken to prevent security breaches and/or threats?

Delta Dental uses both our enterprise code of conduct and federal regulations to guide our information security practices, and we regularly update our policies.

Questions about physical security safeguards

  • Does the organization employ multi-factor authentication? Are any of these combined for two-factor authentication? Here are three ways to authenticate:
    • Something you know (pin, password or similar codes)
    • Something you are (a biometric verification)
    • Something you have (a smart card, badge or chip)

At Delta Dental we use a variety of physical safeguards, including limiting physical and cyber access to PII and PHI. We are proud to employ a “principal of least privilege.” This means staff should only have a level of access that is absolutely necessary.

Questions about technical safeguards

  • How does your organization secure data in transit?
  • Does your organization use encryption for data at rest?
  • Does your organization conduct regular vulnerability scans?
  • How does your organization evaluate third parties who may have access to PII or PHI?

For instance, we use secure file transfer processes (SFTPs) for data in transit to and from Delta Dental. We use encryption for any sensitive information — in transit and at rest.

We also use a vendor evaluation matrix to determine what information our vendor partners have access to, and compare access to the level of risk they pose. We then categorize vendors as high-, medium- or low-impact vendors and assess them accordingly.

Questions about incident reporting protocol

  • What is your process for reporting a cyber security incident?
  • What is your timeline for reporting a cyber security incident?

These questions are crucial for building trust with an organization. At Delta Dental, we have four ways for employees to report any information breaches and three mandatory training programs to educate and encourage our employees on best practices in information security.

Want more tips like these? Subscribe to Word of Mouth, our newsletter for benefits administrators, human resources professionals and businesses.

Are you a broker, agent or consultant? Subscribe to Insider Update, our newsletter for benefits producers.

© 2020 Word of Mouth

Theme by Anders NorenUp ↑