As a Medicare sales agent, you may occasionally receive or send unencrypted emails containing protected health information (PHI). Here's what to do if this happens:

Why Encryption Matters

Unencrypted emails containing PHI can be intercepted and misused for fraudulent purposes. Protecting our members' PHI is crucial, as Medicare and Medicare fraud cost over $100 billion annually.

What to Do if You Receive an Unencrypted Email with PHI

1. Do Not Respond Unencrypted: Always encrypt your response and remind the sender to encrypt emails containing PHI.

2. Contact the Sender: Notify them of the need to encrypt PHI in all communications.

What to Do if You Accidentally Send an Unencrypted Email with PHI

1. Contact the Receiver: Ask them to delete the unencrypted email immediately.

2. Resend the Email Encrypted: Ensure the email is properly encrypted this time.

3. Report the Incident: For agents, report to ATRIO’s HIPAA Privacy Office at Rhonda.saundersricks@atriohp.com. Include details about what happened, the PHI involved, and encrypt your report.

Wrap-Up Reminder for Agents

If you receive an unencrypted email with PHI, do not respond without encryption and remind the sender to do so. If you send an unencrypted email, contact the receiver to delete it, resend it encrypted, and report the incident to ATRIO’s HIPAA Privacy Office.

Thank you for your attention to this important matter. Protecting our members' PHI is a shared responsibility, and your diligence is crucial.

Last updated Jul 12, 2024