Data Encryption Policy

Policy Statement
All insurance agents that are contracted with GoldenCare or National Independent Brokers, Inc (NIBI) are required to employ encryption solutions to preserve the confidentiality and integrity of, and control accessibility to, consumer data classified as “Protected Health Information (PHI)” where this data is processed, stored or transmitted.

Q: Why is encryption required?
A: Your desktop/laptop may contain Protected Health Information including but not limited to member HICN, social security number, date of birth, address and health conditions. If your desktop/laptop is lost or stolen and it is not encrypted, the information contained on it could be obtained by a third party. This would be considered a privacy breach under federal and some state laws.

Q: My computer is password-protected. Isn’t this the same as encryption?
A: No. Although password protection is important, it does not render the information on your desktop/laptop unreadable.

Q: Where can I go to get general information about encryption?
A: The National Institute of Standards and Technology (NIST) is a technology agency under the U.S. Department of Commerce. They have published a guide on their website documenting their recommendations on full-disk encryption for end user devices, such as laptops and desktops.

Q: Who can help encrypt my desktop/laptop?
A: GoldenCare and NIBI recommend contacting your local electronics retailer and asking them for full-disk encryption options which are compatible with your hardware and software. An alternative is reaching out to a reputable security company, such as McAfee or Symantec, for assistance in purchasing a compatible full-disk encryption solution.

Q: Will GoldenCare / NIBI make any specific recommendations on what solution(s) I should use?
A: GoldenCare and NIBI don’t recommend or support any specific product. However, some commonly known solutions include:

  • Symantec Endpoint Encryption – Boot Disk Encryption
  • BitLocker – Boot Disk Encryption
  • PGP Desktop – Boot Disk Encryption, Email Encryption
  • TrueCrypt – Boot Disk Encryption
  • PGP Whole Disk Encryption – Full Disk Encryption

Below is a list of recommended features and functionality the full-disk encryption solution should offer:

  • Full-disk encryption (user data, operating system, temporary files, erased files)
  • AES 256-bit encryption
  • Pre-boot authentication

Q: What happens if I am responsible for the unauthorized dissemination of a customer’s PHI?
A: You may be subject to penalties imposed by federal law of up to $1 million per incident.

Questions? Contact Compliance

Email: compliance@goldencareusa.com
Phone: 800.842.7799 ext. 119210

Compliance Concerns?

If you have any compliance concerns, contact GoldenCare’s on-site Compliance Team at compliance@goldencareusa.com