Security & Privacy Considerations When Conducting a Dependent Eligibility Audit
Tony Schy March 17, 2011
If you are planning to conduct a dependent eligibility audit on your own, there are many things to consider. Below is a list of items related to security & privacy that you should think through.
- When your employees send you verification documents, are you going to retain them? If so, they’ll need to be in a secure location. And depending on your size, you may need a considerable amount of space.
- Are you going to accept documents submitted via fax? If so, incoming faxes should either go straight to an email, or the fax machine should be located in a room that is physically secure and not generally open to the public.
- Are you going to accept documents submitted via email? We suggest that you don’t because email is inherently insecure. If you do accept them, where will you store the electronic copies? They need to be in a location that is not accessible by others. They also need to be in a location that is backed up frequently. This consideration also applies to inbound electronic fax files.
- Are you going to accept “walk-in” submission of documents? For single-site locations this is even more important. If you do, be sure to consider how you might provide a confirmation receipt and how you are going to keep the items secure immediately upon receipt. Use caution with drop boxes that are not permanently secured.
- Are you going to scan documents? If so, might you use a third party to do the scanning? If so, they need to have many of the same security features as you do.
- If people call with questions, what procedures will you have in place to authenticate the caller? Spouses, attorneys and journalists can call and “pose” as an employee to fish for information.
- If you are going to use temporary help to manage the workload, be sure to provide them some training on privacy and confidentiality. In addition, consider not permitting them to use their cell phones or personal laptops while working on your project. You may also want to only allow them to use a PC that is strictly locked down: minimal ability to access the internet (i.e. no checking of personal email or Facebook posting), no thumb drive or CD drive capability, and no printing.
- Be prepared to answer questions about privacy & security from your employees. Some that are not obvious are: How will you ensure that my identity is not stolen? Are you going to turn me in to the IRS? Are you going to turn me in to the INS?
Learn more about how to conduct a dependent eligibility audit in The Dependent Audit Guide.