Benefits administrator blog from Delta Dental

Tag: privacy practices (Page 1 of 2)

How to respect enrollee (data) privacy

2-minute read

According to a recent survey, 90% of people worry about their data privacy, yet most feel powerless to protect it. We don’t want you to feel this way when it comes to your enrollees’ data. While Delta Dental has cyber risk experts and safeguards in place to keep enrollee data secure when we’re handling it — including personally identifiable information (PII) and protected health information (PHI) — you can take some simple steps to keep enrollee data private when it’s in your hands too.

We asked some of our cyber risk specialists for their top tips to help you safeguard private enrollee data.

Keep (and share) only what’s needed
The more private enrollee data you have, the bigger the risk. If the data has already served its purpose and there isn’t an operational or legal need for it, it’s best to destroy it. The same principal applies when sharing sensitive information — send the minimum amount needed to get the job done.

Slow down, and check before you send
Before you transmit any private enrollee data, double check that you’re sending the correct information to the correct recipient. This may sound like common sense, but one of the most common types of privacy incidents is sending sensitive data to the wrong person — electronically or via snail mail. Be sure that you have the most current enrollee addresses, and always update any necessary partners who may also need them (like us!).

Build a strong virtual defense
Password protection is a key player, but it’s just one part of the privacy defense. Using a VPN for remote access, maintaining strong firewalls and conducting regular vulnerability scans are also crucial to data privacy. If you’re sending any sensitive data through email, be sure to do so safely, such as through secure file transfer processes (SFTPs). And don’t forget about that data when it’s not in transit — using encryption for data at rest adds an extra layer of defense. (Pro-tip: Never store private, sensitive data in your email.)  

Empower yourself and your team
Data privacy can seem overwhelming without the right training. Cyber risks are always evolving, like phishing scams that have gotten so advanced, it’s difficult for most people to spot a fake. That’s why it’s so important for anyone who handles PII or PHI to receive regular training to identify threats and keep enrollee private data safe.    

Want more tips like these? Subscribe to Word of Mouth, our newsletter for benefits administrators, human resources professionals and businesses.

Are you a broker, agent or consultant? Subscribe to Insider Update, our newsletter for benefits producers.

Check enrollee notices off your year-end to-do list

1-minute read

With the holiday season in full swing, sometimes our daily to-do lists seem never-ending. That’s why we’re helping you cross one thing off your list: Educating new enrollees — and reminding current enrollees — about their rights.

Federal and state laws require groups to notify enrollees about enrollee rights and privacy practices.1 The good news is, we’ve made it easy for you to share this information.

You can learn more about the notices on our administrator web pages. Enrollees can also view and download each notice on our website. Additionally, during open enrollment we provide groups with an enrollee flyer summarizing the notices.

Please share the notices with current enrollees annually and with all new enrollees within 30 days of eligibility.

Not sure how to share? Here are some tips:

  • Post the notices on your company Intranet
  • Email employees a link to the notices
  • Place copies of the notices in common areas, or in the HR area
  • Include copies of the notices in your next company mailing

If you or enrollees have any questions about the notices, you can call 866-530-9675.

Now, take a deep breath and get back to the rest of your to-do list.

For more tips like this for benefits administrators, human resources professionals and businesses, subscribe to Word of Mouth.

Are you a broker, agent or consultant? Subscribe to Insider Update, our newsletter for benefits producers.

1 Self-funded groups are not required to share Delta Dental’s enrollee notices and may opt to use their own notices; however, these notices cannot be in conflict with Delta Dental’s practices. If you have questions about your notices, please contact your account manager.

Pass the cranberries — and these enrollee notices!

With the holiday season upon us, it can be easy for things to get lost in the hustle and bustle. Be sure that educating new enrollees — and reminding current enrollees — about their rights isn’t one of them.

Federal and state laws require groups to notify enrollees about enrollee rights and privacy practices.1 The good news is, we’ve made it easy for you to share this information.

You can find the notices on our new administrator web pages. Enrollees can also view and download each notice on our website. Additionally, during open enrollment we provide groups with an enrollee flyer summarizing all of the notices.

Please share the notices with current enrollees annually, and with all new enrollees within 30 days of eligibility.

Not sure how to share? Here are some tips:

  • Post the notices on your company Intranet
  • Email employees a link to the notices
  • Place copies of the notices in common areas, or in the HR area
  • Include copies of the notices in your next company mailing

If you or enrollees have any questions about the notices, you can call 866-530-9675.

Now relax, and enjoy that second helping of stuffing. And if you need a little encouragement getting into the holiday spirit, be sure to check out our fall issue of Grin!, Delta Dental’s free oral health e-magazine.

 

 

 

1 Self-funded groups are not required to share Delta Dental’s enrollee notices, and may opt to use their own notices; however, these notices cannot be in conflict with Delta Dental’s practices. If you have questions about your notices, please contact your Account Manager.

Pumpkin spice, autumn skies … and enrollee notices?

When the leaves start changing, it’s a sign that open enrollment is just around the corner. This is a great time to educate new enrollees — and remind current enrollees — about their rights.

Federal and state laws require groups to notify enrollees about enrollee rights and privacy practices.1 Don’t worry — we’ve made it easy for you to share. All of the notices are available on our website, where enrollees can view and download each document. Additionally, during open enrollment we provide groups with an enrollee flyer summarizing all of the notices.

Please share the notices with current enrollees annually, and with all new enrollees within 30 days of eligibility.

Not sure how to share? Here are some tips:

  • Post the notices on your company Intranet
  • Email employees a link to the notices
  • Place copies of the notices in common areas, or in the HR area
  • Include copies of the notices in your next company mailing

If enrollees have any questions about the notices, they can call 866-530-9675.

Now relax, and enjoy the season! And for more ways to have fun this fall, encourage enrollees to subscribe to Grin!, our free oral health e-magazine.

 

1 Self-funded groups are not required share Delta Dental’s enrollee notices, and may opt to use their own notices; however, these notices cannot be in conflict with Delta Dental’s practices.

Certified Ethical Hacker: Oxymoron or Information Security genius?

We hope you’ve enjoyed reading our internal spotlight series on Delta Dental’s Information Security. (In case you missed any content, check out our article on employee training and compliance and our interview with Sitaram Inguva, Director of Information Security.)

Did you ever think you’d be thankful to read the term “hacker”? If not, we may have a new perspective for you. Meet Chad Greiner, Security Engineer III and Certified Ethical Hacker (CEH) in training, and see how he’s going the extra mile to protect your organization’s privacy.

 

Q: How long have you been with Delta Dental, and what other jobs have you held in your field?

A: I’ve been here for about six years. Before joining this team, I worked for a medical alert device company. I served as the main administrator for their entire IT operation.

Q: You’re training to become a CEH. Are there any other certifications you have or plan to earn?

A: Yes, I’m a Certified Information Systems Security Professional (CISSP). The CISSP seems sort of like a generalized job title, but it’s actually a comprehensive certification. To sit for the exam, you have to have about five years’ worth of work experience, be recommended by a fellow CISSP in good standing and re-certify every three years. The CEH is kind of an extension of the CISSP, except it focuses on strategies to help you think like a criminal — so you’re better armed to prevent a cyberattack.

Q: I think that makes sense. Sort of like an information security version of Criminal Minds. With that said, do you think the CEH is a controversial certification?  

A: We don’t view it as controversial within the security industry. My perspective is that any type of attack is a crime, so in any criminal field, you need to understand the people you’re trying to catch or obstruct to be effective at your job.

Q: That makes sense. How would you respond to criticism that the title “ethical hacker” is an oxymoron?

A: In my mind, intent is what makes an action ethical or unethical. I’m not necessarily learning how to break things; instead, I’m learning how things can be broken to prevent breaches in security from occurring.

Q: What do you think is the most important aspect of your CEH training?

A: Learning about what tools are out there has been extremely important. Early on in my career, there weren’t as many “hacking” opportunities readily available to experienced cybercriminals, let alone the average person. The way technology is evolving has made it easier to access private information — so it’s that much more important to learn every defense against cyberattacks that we can.

Q: Why do you think being a CEH is particularly valuable to an analyst within an organization like Delta Dental?

A: Knowing what to protect against — knowing what avenues people can take in an attack — is critical. It’s really the first and most important step in securing private information. Our clients can have confidence in knowing that, with a CEH, we’re able to get into a criminal’s mindset and get a step ahead of them.

Q: Absolutely. Okay, this is the most important question of all. If you could choose any superhero to compare your work to, who would you choose and why?

A: I can honestly say I’ve never thought about this […] I’d have to say Captain America, since he has the shield and I really see myself as shielding our organization and our clients from people and scenarios that could jeopardize everyone’s privacy.

 

Thanks for reading our series on Information Security! Stay tuned for more client news and insights from Delta Dental.

 

« Older posts

© 2020 Word of Mouth

Theme by Anders NorenUp ↑