part ii marketplace privacy security requirements for
play

Part II: Marketplace Privacy & Security Requirements for Agents - PowerPoint PPT Presentation

Nov 11, 2022 •368 likes •771 views

Part II: Marketplace Privacy & Security Requirements for Agents and Brokers June 21, 2018 Centers for Medicare & Medicaid Services (CMS) Center for Consumer Information & Insurance Oversight (CCIIO) Disclaimer The information

  1. Part II: Marketplace Privacy & Security Requirements for Agents and Brokers June 21, 2018 Centers for Medicare & Medicaid Services (CMS) Center for Consumer Information & Insurance Oversight (CCIIO)

  2. Disclaimer The information provided in this presentation is intended only as a general informal summary of technical legal standards. It is not intended to take the place of the statutes, regulations, and formal policy guidance that it is based upon. This presentation summarizes current policy and operations as of the date it was presented. Links to certain source documents have been provided for your reference. We encourage audience members to refer to the applicable statutes, regulations, and other interpretive materials for complete and current information about the requirements that apply to them. This document generally is not intended for use in the State-based Marketplaces (SBMs) that do not use HealthCare.gov for eligibility and enrollment. Please review the guidance on our Agents and Brokers Resources webpage (http://go.cms.gov/CCIIOAB) and Marketplace.CMS.gov to learn more. Unless indicated otherwise, the general references to “Marketplace” in the presentation only includes Federally-facilitated Marketplaces (FFMs) and State-based Marketplaces on the Federal Platform (SBM-FPs). This communication was printed, published, or produced and disseminated at U.S. taxpayer expense. 1

  3. Webinar Agenda • Background/Previous Webinars • Review of Requirement to Provide a Privacy Notice Statement Review of Required Security Controls • Key Reminders and Resources • • Other Marketplace Updates • Questions and Answers 3

  4. Background This presentation is a follow on to the September 27, 2017 webinar on Marketplace Privacy & • Security Requirements for Agents and Brokers , which is available on the Resources for Agents and Brokers webpage. • Topics covered in this resource include: Key Sources for Agent and Broker – Requirements Requirement for Privacy Notice Statement – Requirement to Obtain Consumer Consent – Prior to Assistance – Providing Correct Information to the Marketplace – Authorized Functions for Use of Personally Identifiable Information (PII) Best Practices to Manage Risks to – Information Security Reporting an Incident or Breach of PII – 4

  5. Background Also be sure to review the presentation from the May 24, 2018 webinar on Compliance • with Marketplace Requirements: Considerations for Agents and Brokers , which is available on the Resources for Agents and Brokers webpage . Topics covered in this resource • include: – Requirement to Obtain Consumer Consent Prior to Assistance – Assisting Consumers Who Do Not Have an Email Address – Assisting Consumers Who May Qualify for Medicare Coverage – How to Report Potentially Fraudulent Activity 5

  6. PII Definition • PII is defined* as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual. • Section II(b) of the Individual Marketplace Privacy and Security Agreement and the Small Business Health Options Program (SHOP) Privacy and Security Agreement specifies the types of PII that an individual may encounter in performing the role of an agent or broker in the Marketplace. • Examples of PII include name, Social Security number, address, email address, and date of birth. * See Office of Management and Budget Memoranda M-17-12 (January 3, 2017) 6

  7. Part II: Marketplace Privacy & Security Requirements for Agents and Brokers Review of Requirement to Provide a Privacy Notice Statement 7

  8. Provision of Privacy Notice Statement Prior to collecting PII, you must provide a Privacy Notice Statement • that is prominently displayed: – On a public-facing website, if applicable, or – On the electronic and/or paper form used to gather and/or request PII. • The statement must be written in plain language and provided in a manner that is accessible and timely to people living with disabilities and with limited English language proficiency. Failure to comply with the Privacy Notice Statement requirement • could result in termination of your Agreement(s) with CMS and registration with the Marketplace. • The Individual Marketplace Privacy and Security Agreement and the SHOP Privacy and Security Agreement have more information about the Privacy Notice Statement. 8

  9. Content of Privacy Notice Statement • The statement must contain, at a minimum, the following information (you should substitute the underlined content in brackets with content that is specific to your operations): The statement should inform applicants that information they provide will be • submitted to CMS (a federal agency) and will be maintained in a federal System of Records. 9

  10. Myths and Facts about the Privacy Notice Statement Myth Clients must sign the Privacy Notice Statement. 10

  11. Myths and Facts about the Privacy Notice Statement Myth Clients must sign the Privacy Notice Statement. Fact NOT TRUE! Consumers do not need to sign the Privacy Notice Statement. You must provide it to your clients by either conspicuously displaying it on a public facing website or including it on the electronic and/or paper form used to gather and/or request PII. 11

  12. Myths and Facts about the Privacy Notice Statement Myth The Privacy Act Statement that consumers view at HealthCare.gov satisfies the requirement that I provide my clients a Privacy Notice Statement. 12

  13. Myths and Facts about the Privacy Notice Statement Myth The Privacy Act Statement consumers view at HealthCare.gov satisfies the requirement that I provide my clients a Privacy Notice Statement. Fact NOT TRUE! Your Privacy Notice Statement must be tailored to describe your privacy practices and include all of the required minimum information described on Slide 9. 13

  14. Myths and Facts about the Privacy Notice Statement Myth Prior to assisting any Marketplace client, I must provide both the Privacy Notice Statement and obtain the client’s consent to my assistance. 14

  15. Myths and Facts about the Privacy Notice Statement Myth Prior to assisting any Marketplace client, I must provide both the Privacy Notice Statement and obtain the client’s consent to my assistance. Fact TRUE! The Privacy Notice Statement must be provided and the consumer must give consent prior to you collecting the consumer’s PII or helping the consumer apply for financial help and/or enrolling in a Marketplace qualified health plan (QHP). 15

  16. Comparison of Privacy Notice Statement and Consumer Consent Privacy Notice Statement Consumer Consent When? Prior to collecting the consumer’s PII Prior to collecting PII and providing assistance in applying for financial help and/or enrolling in a Marketplace QHP Signature Required? No No Model Notice Available? No No Required Content? Legal authority to collect PII Should acknowledge that you have informed • • • Purpose of the information the client of the functions and responsibilities collection; that apply to your role in the Marketplace To whom PII might be disclosed, Should include the following: • • and for what purposes - The client’s name Authorized uses and disclosures - The date the consent was given • of any collected information - The name of the agent(s) or broker(s) to • Whether the request to collect whom consent was given (Note that this PII is voluntary or mandatory could include additional names of agents under the applicable law or brokers if the consenter authorized Effects of non-disclosure if an multiple agents or brokers within the • individual chooses not to provide same organization) the requested information Source of Requirement? Individual Marketplace Privacy and Agent and broker standards of conduct: 45 CFR § Security Agreement and SHOP 155.220(j)(2) Privacy and Security Agreement 16

  17. Part II: Marketplace Privacy & Security Requirements for Agents and Brokers Review of Required Security Controls 17

  18. Security Controls To protect consumer PII throughout the year, you must establish and • implement operational, technical, administrative, and physical safeguards that ensure that: – PII is only used by or disclosed to those authorized to receive or view it; – PII is protected against any reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of such information; – PII is protected against any reasonably anticipated uses or disclosures of such information that are not permitted or required by law; and – PII is securely destroyed or disposed of in an appropriate and reasonable manner and in accordance with CMS retention requirements. • You are also responsible for ensuring that members of your workforce who have a need for consumer PII to perform their duties strictly follow these safeguards. 18

  19. Security Controls (Continued) You must monitor, periodically assess, and update your security controls and • related system(s) to ensure the continued effectiveness of those controls. • You must also develop and utilize secure electronic interfaces when transmitting PII electronically. 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Marketplace Mandate Part 2 : Proper Motivation for the Marketplace Marketplace Mandate Part 2 :

Marketplace Mandate Part 2 : Proper Motivation for the Marketplace Marketplace Mandate Part 2 :

Marketplace Mandate Part 2 : Proper Motivation for the Marketplace Marketplace Mandate Part 2 : Proper Motivation for the Marketplace 1 Corinthians 4:5 Therefore judge nothing before the time, until the Lord comes, who will both bring to

989 views • 20 slides
ORC Chapter 420-3-26-.15 and 10 CFR Part 37 Changes to Physical Security Protection Requirements

ORC Chapter 420-3-26-.15 and 10 CFR Part 37 Changes to Physical Security Protection Requirements

ORC Chapter 420-3-26-.15 and 10 CFR Part 37 Changes to Physical Security Protection Requirements A Brief History of Security Measures - 11/14/05 - EA-05-090: NRC Order Imposing Increased Controls (IC). In Alabama the Orders were implemented by

498 views • 27 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Security and Data Privacy Instructor: Matei Zaharia cs245.stanford.edu Outline Security

Security and Data Privacy Instructor: Matei Zaharia cs245.stanford.edu Outline Security

Security and Data Privacy Instructor: Matei Zaharia cs245.stanford.edu Outline Security requirements Key concepts and tools Differential privacy Other security tools CS 245 2 Outline Security requirements Key concepts and tools

873 views • 62 slides
Security and Data Privacy Instructor: Pratiksha Thaker cs245.stanford.edu Outline Security

Security and Data Privacy Instructor: Pratiksha Thaker cs245.stanford.edu Outline Security

Security and Data Privacy Instructor: Pratiksha Thaker cs245.stanford.edu Outline Security requirements Key concepts and tools Differential privacy Other security tools CS 245 2 Outline Security requirements Key concepts and tools

1.53k views • 86 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Ha Hardes est T t Things A s Abou out C t CCPA Pr Privacy & Security Academy Oc

Ha Hardes est T t Things A s Abou out C t CCPA Pr Privacy & Security Academy Oc

Ha Hardes est T t Things A s Abou out C t CCPA Pr Privacy & Security Academy Oc October 15, 2019 Introduction Part rtici cipa pants Industry Professionals Fenwick Aaron Ting Lael Bellamy Lead Counsel, Product & Privacy

295 views • 25 slides
FERPA Family Educational Rights & Privacy Act Federal Requirements for Security of Public

FERPA Family Educational Rights & Privacy Act Federal Requirements for Security of Public

FERPA Family Educational Rights & Privacy Act Federal Requirements for Security of Public School and College Student Data The Office of Legal Affairs Presented by: Venus D. Boston, Assistant Legal Counsel What is FERPA? The Family

597 views • 24 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks

S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks

FAKULTT FR !NFORMATIK Faculty of Informatics S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks Pedro Moreno-Sanchez Blockchain Summer School BDLT19 Vienna, Sep 2nd 2019 Blockchain Research

1.41k views • 73 slides
Security & Privacy in P2P Networks Niels Olof Bouvin 1 Overview Aspects of security*

Security & Privacy in P2P Networks Niels Olof Bouvin 1 Overview Aspects of security*

Security & Privacy in P2P Networks Niels Olof Bouvin 1 Overview Aspects of security* Venues of attack Techniques for anonymity & censorship resistance Securing a DHT *This is not the interesting part to talk about during the exam 2

964 views • 62 slides
FERPA Family Educational Rights & Privacy Act Federal Requirements for Security of College

FERPA Family Educational Rights & Privacy Act Federal Requirements for Security of College

FERPA Family Educational Rights & Privacy Act Federal Requirements for Security of College Student Data The Office of Legal Affairs Presented by: Venus D. Boston, Assistant University Legal Counsel What is FERPA? The Family Educational

562 views • 21 slides
SECURITY , PRIVACY AND TRUST IN INTERNET OF THINGS: THE ROAD AHEAD S. Sicari, A. Rizzardi, L.A.

SECURITY , PRIVACY AND TRUST IN INTERNET OF THINGS: THE ROAD AHEAD S. Sicari, A. Rizzardi, L.A.

SECURITY , PRIVACY AND TRUST IN INTERNET OF THINGS: THE ROAD AHEAD S. Sicari, A. Rizzardi, L.A. Grieco, A. Coen-Porisini Tran Song Dat Phuc SeoulTech 2015 Table of Contents Introduction Objectives IoT Security Requirements:

600 views • 44 slides
Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much easier if there were someone we could all TRUST with our data Be8er data mining -- using MORE data, while respec@ng users PRIVACY

888 views • 35 slides
www.researchingmeditation. com He a lth o f Austra lia n Me dita to rs 95 * 90 * * * 85 *

www.researchingmeditation. com He a lth o f Austra lia n Me dita to rs 95 * 90 * * * 85 *

Dr Rame sh Manoc ha MBBS BSc PhD Me dita tio n Re se a rc h Pro g ra mme , Se nio r L e c ture r De pa rtme nt o f Psyc hia try, Unive rsity o f Sydne y www.researchingmeditation. com He a lth o f Austra lia n Me dita to rs 95 * 90 * *

513 views • 14 slides
Transcatheter aortic valve implantation current patient selection and approaches to care

Transcatheter aortic valve implantation current patient selection and approaches to care

Transcatheter aortic valve implantation current patient selection and approaches to care James L Velianou MD, FRCPC Director, Cardiac Care Unit Co-Director, Catheterization Laboratory Interventional Cardiology Hamilton Health Sciences

571 views • 34 slides
MINIMIZING NEUROLOGIC COMPLICATIONS IN THE TREATMENT OF THE THORACIC AORTA 1 UCSF

MINIMIZING NEUROLOGIC COMPLICATIONS IN THE TREATMENT OF THE THORACIC AORTA 1 UCSF

UCSF Vascular & Endovascular Symposium 2019 UC SF Preventing SCI in Thoracic Aortic Procedures MINIMIZING NEUROLOGIC COMPLICATIONS IN THE TREATMENT OF THE THORACIC AORTA 1 UCSF Vascular & Endovascular Symposium

489 views • 20 slides
Overview of TREC 2013 Ellen Voorhees Text REtrieval Conference (TREC) Back to our roots, writ

Overview of TREC 2013 Ellen Voorhees Text REtrieval Conference (TREC) Back to our roots, writ

Overview of TREC 2013 Ellen Voorhees Text REtrieval Conference (TREC) Back to our roots, writ large KBA, Temporal Summarization, Microblog original TIPSTER foci of detection, extraction, summarization TDT, novelty detection

538 views • 43 slides
INSTITUTE FOR INNOVATION THR~UGH HEALTH DATA Dipak Kalra Georges De Moor President Advisory

INSTITUTE FOR INNOVATION THR~UGH HEALTH DATA Dipak Kalra Georges De Moor President Advisory

THE EUROPEAN INSTITUTE FOR INNOVATION THR~UGH HEALTH DATA Dipak Kalra Georges De Moor President Advisory Board Chair Electronic Health Records for Clinical Research Responding to a convergence of needs Clinical Research needs Healthcare

242 views • 11 slides
C o o p e r a t i v e A r c h i t e c t u r e s a n d A l g o r i

C o o p e r a t i v e A r c h i t e c t u r e s a n d A l g o r i

C o o p e r a t i v e A r c h i t e c t u r e s a n d A l g o r i t h m s f o r D i s c o v e r y a n d T r a n s c o d i n g o f M u l t i - v e r s i o n C o n t e

382 views • 24 slides
A Time-Domain Veto for Binary Inspirals Search Gianluca M. Guidi Universit di Urbino- INFN

A Time-Domain Veto for Binary Inspirals Search Gianluca M. Guidi Universit di Urbino- INFN

A Time-Domain Veto for Binary Inspirals Search Gianluca M. Guidi Universit di Urbino- INFN Firenze-Urbino LIGO Visitor - CALTECH A Time-Domain Veto for Binary Inspirals search The distinction between actual gravitational waves from binary

141 views • 12 slides
The Higgs pT distribution Chris Wever (TUM) In collaboration with: F. Caola, K. Kudashkin, J.

The Higgs pT distribution Chris Wever (TUM) In collaboration with: F. Caola, K. Kudashkin, J.

The Higgs pT distribution Chris Wever (TUM) In collaboration with: F. Caola, K. Kudashkin, J. Lindert , K. Melnikov, P. Monni, L. Tancredi GGI: Amplitudes in the LHC era, Florence 16 Oktober, 2018 Outline Introduction Ingredients for

595 views • 38 slides

More recommend