Between cyber security, HIPAA, and Medicare compliance, most Life & Health agents have a hard time figuring out where to start. We all want to complete a task and be done with it, but cyber security best practices, and protecting your organization’s networks and sensitive data, are a commitment that lasts all year.

To help you stay compliant, we’ve compiled a month-by-month list of security measures and action steps so that compliance stays a priority throughout the year.

  • January: Review and change all of your passwords.  Create STRONG passwords or passphrases that are at least 12 characters in length and include upper- and lower-case letters, numbers, and symbols.  Length is what matters most: every extra character multiplies an attacker’s work by the size of the character set.  Widely cited estimates put a mixed 8-character password at about 19 minutes to crack and a 12-character one at about 200 years, although the real figures depend on how the site stored the password and what hardware the attacker has.  Also enable two-factor authentication (2FA) on every account that offers it; it is the easiest way to keep a stolen or guessed password from turning into a compromised account.  With 2FA in place you can wait up to six months before changing those passwords again, but change any password immediately if you suspect it has been exposed.
  • February: Review your HIPAA Privacy and Security policies for any updates and changes.  Once the updates are complete, distribute the policies to all employees and have each employee attest that they have read, understood, and will comply with each document.  Remember to save these attestations for 10 years!
  • March: Review all of your HIPAA Business Associate Agreements (BAAs) and send a questionnaire to each vendor that is a business associate to confirm they are complying with the agreement.  Review each response and decide whether the relationship will remain part of your business plan moving forward.
  • April: Complete your HIPAA Physical Site Audit and IT Risk Assessment, either in-house or through a third-party vendor.  If the vendor will have access to protected health information, don’t forget to get a BAA with them first!  HIPAA consultants like HIPAA Secure Now or Compliancy Group can guide you through this process so you don’t feel overwhelmed.
  • May: Institute phishing awareness training and simulations for yourself and the entire office so everyone can recognize risky emails and attachments; Google’s Phishing Quiz is a free place to start.  If you want a program that tracks training completion and has a reporting mechanism, try PHIshMD.  According to Herjavec Group, 90% of cyberattacks are initiated by a phishing scam…that is scary stuff!
  • June: Attend Hovis & Associates’ Compliance meeting where you earn free CE, get your annual HIPAA training (or complete on your own), and receive the latest Medicare Compliance updates.  Send us an email if you want to receive information and updates!
  • July: Complete your annual AHIP training, which includes the Medicare Learning Network’s (MLN) Medicare Parts C and D General Compliance and Fraud, Waste and Abuse (FWA) training.  Keep in mind that any employee who helps you with Medicare customer service must also complete the MLN’s General Compliance and FWA training.  Remember to save all of your certificates for 10 years in case you are audited!
  • August: Finish each individual Medicare company’s training and certification so you are ready-to-sell for the following year!
  • September: If you have employees who help you serve your Medicare clients AND who have not taken each company’s certification, you must distribute each Medicare company’s Code of Conduct (COC) and any other compliance document(s) that company distributes.  Have each employee attest to reading, understanding, and following those documents.
  • October: Study the Medicare Communications and Marketing Guidelines (MCMG) to ensure compliant marketing and selling practices during Medicare’s busiest time of year!  Note that CMS has also issued a Medicare Communications and Marketing Guidelines Update Memo that should be read alongside the MCMG.
  • November: Concentrate on selling this month so you can hire someone else to take care of all this for you!
  • December: Obtain the forms from all employees that help protect you and your business, such as a Conflict of Interest form or an Electronic Communication Employee Acknowledgement.
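To show why the January advice works, and why any single "years to crack" figure has to be taken with a grain of salt, here is an added example (our illustration, not code from the original post or from any vendor named above). It scores a password by its character classes and length, estimates average brute-force time, checks the 12-character/four-class rule, and generates a compliant random password. The attacker guess rates and the sample passwords are constructed assumptions; the real rate depends on how the website stored the password and on the attacker’s hardware.

```python
import math
import secrets
import string

# Assumed offline-attack guess rates (guesses per second). These are
# illustrative assumptions, not figures from the original post: the real rate
# depends on the hash the service used and on the attacker's hardware.
GUESS_RATES = {
    "slow hash (bcrypt-class)": 1e5,
    "fast hash, one GPU (NTLM/MD5-class)": 1e10,
    "fast hash, GPU cluster": 1e12,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600
SYMBOLS = string.punctuation  # the 32 printable ASCII symbols


def charset_size(password: str) -> int:
    """Size of the smallest standard character set containing every character
    of the password (lower 26, upper 26, digits 10, symbols 32)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    return size


def entropy_bits(password: str) -> float:
    """Brute-force search space in bits, assuming the attacker knows which
    character classes were used and must try every combination. A password
    found in a breach list or wordlist is far weaker than this figure."""
    n = charset_size(password)
    return 0.0 if n == 0 else len(password) * math.log2(n)


def expected_crack_years(password: str, guesses_per_second: float) -> float:
    """Average years to brute-force the password: on average the attacker
    succeeds after searching half of the space."""
    guesses = 2 ** entropy_bits(password) / 2
    return guesses / guesses_per_second / SECONDS_PER_YEAR


def meets_policy(password: str, min_length: int = 12) -> bool:
    """The January rule: at least 12 characters with lower-case, upper-case,
    digits and symbols all present."""
    return (
        len(password) >= min_length
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in SYMBOLS for c in password)
    )


def generate_password(length: int = 16) -> str:
    """Generate a random password with the `secrets` module (a CSPRNG) and
    re-draw until it satisfies the policy, so every class is present."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    # Constructed sample passwords: an 8-character and a 12-character one,
    # plus a freshly generated 16-character one.
    for pw in ("Passw0rd", "Passw0rd!x7Q", generate_password()):
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits, policy={meets_policy(pw)}")
        for label, rate in GUESS_RATES.items():
            print(f"  {label:38s} {expected_crack_years(pw, rate):14.3g} years")
```

Run it and the point of the January item is visible in the output: the 8-character sample falls in seconds to hours against a fast hash, while adding four characters and one more character class pushes the same attacker into thousands to hundreds of thousands of years. The same 8-character password also jumps from seconds to decades when the service used a slow hash, which is why no single "minutes versus centuries" figure applies everywhere, and why 2FA, which does not depend on any of these numbers, is the safest addition.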

If you would like a more thorough explanation of what to do to be Compliant, Hovis & Associates is here to help. We Make the Complicated SIMPLE! Call 888-613-6196 and ask for Heather Hovis!