A Guide To Protecting Your Data

The Consolidated Appropriations Act  (CAA) provides access to claims data and is a valuable resource for employers, providing them with a treasure trove of information about employee healthcare utilization, costs, and demographic patterns. By effectively harnessing this data, employers can gain valuable insights and make data-driven decisions to optimize their benefits programs. However, it is essential to prioritize privacy and security when handling sensitive information. In this article, we will explore key considerations for self-insured employers who have access to claim files and highlight the importance of engaging experts to manage and interpret this valuable resource.  It is always best to consult your cybersecurity expert and consider all applicable regulations, but here is a quick list of security provisions to consider.

Access Control: To safeguard sensitive claim data, limit access to authorized personnel only. Implement robust authentication measures such as strong passwords, two-factor authentication, and role-based access controls. This ensures that only those who genuinely need access can view the information.

Employee Training:  Comprehensive training for employees handling medical claim files is crucial. Educate them on data protection, privacy regulations, and security best practices. Highlight the importance of safeguarding sensitive information and the potential consequences of mishandling it. Well-informed employees are essential for maintaining data security.

Physical Security: For physical claim files, store them in a secure location such as a locked cabinet or room accessible only to authorized personnel. Implement additional security measures like video surveillance and visitor access controls to prevent unauthorized access to the physical files.

Data Encryption: Utilize industry-standard encryption protocols to encrypt electronic medical claim files both during transmission and storage. Encryption adds an extra layer of protection, making it significantly more challenging for unauthorized individuals to access sensitive information.

Secure Network Infrastructure: Maintain a secure network infrastructure by utilizing firewalls, intrusion detection systems, and regular security updates. It is essential to separate sensitive medical claim files from general network access to minimize the risk of unauthorized access or data breaches.

Regular Audits: Conduct periodic audits of systems, processes, and access controls to identify any vulnerabilities or security gaps. Implement a review process to ensure compliance with security protocols and regulations. Audits help identify potential weaknesses and enable prompt remediation. 

Vendor Management: If third-party vendors handle medical claim files, perform due diligence to ensure they have appropriate security measures in place. Establish clear agreements that define the responsibilities and obligations of vendors regarding data protection. Thoroughly vetting vendors helps mitigate risks associated with data handling.

Data Breach Response Plan: Develop a comprehensive data breach response plan outlining the necessary steps to be taken in the event of a security incident. This plan should include procedures for notifying affected individuals, regulatory authorities, and implementing appropriate remedial actions. Having a well-defined response plan helps minimize the impact of data breaches. 

Data Retention and Disposal: Establish a data retention policy that specifies how long medical claim files will be retained and the procedures for their secure disposal when no longer needed. Follow industry best practices for data destruction to ensure sensitive information is irrecoverable, thereby reducing the risk of unauthorized access.

Compliance with Regulations: Stay up to date with applicable data protection and privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States. Ensure compliance with all legal requirements related to the storage and protection of medical claim files. This helps mitigate legal risks and demonstrates a commitment to data privacy.

Why Engage an Expert?

Considering the size and complexity of claim files, engaging third-party data experts can prove beneficial. There is a very strong case for employers to think about engaging a company that is independent of their carrier, third-party administrator, or broker to bring order and understanding to the file. Data experts possess the necessary experience and infrastructure to manage large claim files effectively. They can assist in structuring the data, extracting relevant insights, and providing actionable information to decision-makers. Leveraging their expertise allows employers to optimize their health plans and achieve cost meaningful cost savings.

About the author: Neil Smithson is a partner in  He has helped healthcare providers and their foundations bring order to their patient data for over 20 years.  His predictive models have streamlined business processes by bringing actionable insight to improve the patient experience.