As Human Resource and Benefits professionals you understand the importance of confidentiality and security when handling sensitive personal data and health care information. During a dependent audit some of the most sensitive employee data available is gathered and processed. This data includes: Birth Certificates, Divorce Decrees, Tax Forms, Marriage Licenses and many other documents. If you are considering a dependent eligibility audit it is important to make sure that your vendor has the proper controls and processes in place to protect your employees data.
New HIPAA regulations also require employers to learn more about who their vendors may be subcontracting with for services. A recent article in Employee Benefit Adviser indicated that “Health plans are going to have to be more diligent about knowing who their business associates are and who their business associates contract with downstream“. Security is not only important to your organization, but it is also one of the top concerns of your employees should you choose to perform a dependent audit.
Since dependent verification audits are a growing industry right now, many vendors are entering the marketplace to offer these services. While increased competition is always good for the consumer, it can also create situations where the vendor’s processes are not properly designed to handle the sensitive data of your employees.
Document Receipt
Documents can be sent to the vendor through many different channels. Here are few considerations regarding the two most highly utilized channels.
Postal Mail – Is mail delivered directly to the vendor, or is it sent to a third-party? If it is sent to a third-party this introduces another organization into the process that must be properly investigated and vetted. The more organizations that are involved in handling your employees sensitive data, the higher the chances are of a security breach. Are the physical documents shuffled around the office during the entire verification process? If your vendor does not electronically image each document as it arrives there is a greater chance of not only losing the documents, but there is also an increased exposure to document theft. Where are the physical documents stored? Whether the documents are stored with a third party or directly with the vendor you should ask whether or not they have security cameras, badge access, and other measures in place to limit access to these documents.
Fax – Does the vendor use a traditional fax machine to receive faxes? If so, is this fax machine in a secure location with limited access? If they use an electronically based method for receiving faxes, is access to this channel secure? Do they have the computer properly locked down so that individuals can’t email or save documents to a USB drive.
Part 2 of this series will discuss document processing and call center operations.
