Let’s be honest... HIPAA compliance isn’t the most exciting topic.
But you know what’s even less exciting? A massive fine for mishandling sensitive client data. Or worse, accidentally exposing a senior’s personal information and putting them at risk of fraud.
HIPAA violations can happen in everyday ways that you might not even think about—like forwarding an email, leaving paperwork out in the open, or discussing client details in the wrong setting.
Let’s cover four common-sense HIPAA dos and don'ts to help you keep your clients as safe as possible.
HIPAA breaches happen more often than you might think, and when they do, the fallout can be costly—not just financially, but in terms of trust and reputation.
Take RSC Insurance Brokerage, for example. In 2018, an employee’s laptop containing unencrypted protected health information (PHI) was stolen.
Because the data wasn’t properly secured, over 2,000 individuals' personal health information was potentially exposed. Worse, RSC took five months to notify healthcare providers of the breach—well past HIPAA’s 60-day requirement.
The result? A lengthy investigation, damage control, and free identity theft protection for all affected clients—an expensive and time-consuming mess that could have been avoided with simple encryption.
Another example: Arizona Medicaid Agency’s Mailing Error.
A simple mail merge mistake led to 3,146 clients’ private health information being sent to the wrong addresses. While no Social Security numbers were leaked, names and birth dates alone can be used for fraud. This error wasn’t intentional, but that didn’t stop it from being classified as a HIPAA breach requiring formal notifications and corrective action.
The Department of Health and Human Services’ Office for Civil Rights (OCR) enforces HIPAA, and fines for violations can range from $100 to $50,000 per violation, with a maximum penalty of $1.5 million per year for each violation.
A HIPAA breach doesn’t just lead to fines—it can destroy the trust you've probably worked hard to build with your clients. If seniors believe their personal information isn’t safe with you, they might take their business elsewhere.
A PHI breach can lead to identity theft, financial fraud, and other serious harm to seniors, who are already prime targets for scammers.
Let's take a look at some common-sense steps you can take to stay compliant and keep your clients' data safe.
Do: Learn what constitutes PHI. If any of these details can be linked to an individual, it qualifies as PHI:
Examples of PHI:
Don't: Assume that non-medical information isn't protected. Even data like insurance details or billing information falls under PHI and must be handled with care.
Do: Use secure, HIPAA-compliant systems (like MedicareCENTER) to store and share client data. These tools are designed to keep sensitive information safe.
Do: If you must send sensitive information via email, use encryption.
Here is a resource on sending encrypted messages with a Microsoft 365 account. Here is information on sending encrypted email in Mac on Mail. This article goes over how to encrypt email in other platforms like Gmail, Yahoo Mail, and more.
Don't: Email Medicare numbers or other personal details back and forth. Regular email isn’t secure, and one wrong click could send private info to the wrong person.
Do: Store client files in secure, password-protected systems—not on your desktop or a sticky note on your monitor. Ensure that physical records are kept in locked cabinets only accessible to you and any necessary staff members.
Don't: Leave physical files, printed applications, or handwritten notes in public view—especially in shared workspaces, coffee shops, or your car.
Do: Make sure only the right people can access client info by setting up unique logins and passwords for each team member. This keeps everything secure and traceable.
Don’t: Let anyone share passwords or leave their computer open and unattended. A few minutes away from the screen is all it takes for sensitive info to end up in the wrong hands.
With MedicareCENTER, you don’t have to stress about HIPAA compliance—it's built into the system:
And the best part? If you’re a contracted agent, it’s completely free to use.
HIPAA compliance isn’t just a box to check—it’s about protecting your clients, your business, and your reputation.
While HIPAA is the federal standard, some states have even stricter privacy laws (like California’s CCPA and Texas’ Medical Records Privacy Act).
That’s why smart agents use secure platforms like MedicareCENTER to ensure they’re handling client data the right way.