Privacy Best Practices

Posted by BAS - 17 May, 2012

header-picture

BAS remains vigilant about keeping client data private and secure. Toward that end, BAS practices several best practices to ensure that communications are made only to intended recipients. All employers may benefit from some of BAS' standard practices.

1. Call Center Verification. The BAS call center fields hundreds of questions each day from participating employees. Before our call center professionals will provide information to an employee, the caller is asked to identify two pieces of personal information, such as home address (including zip code), date of birth, last 4 digits of social security number, or BAS reference or ID number. The call center can also process self-verification; whereby the caller can enter verification information over the telephone, before access to a client service representative. When the caller reaches client services, the caller has to verify only one piece of personal information.

2. Keep Passwords Secure. As discussed in previous newsletters, a unique User ID and Password is required to access MyEnroll.com. Access to MyEnroll.com is denied after 5 unsuccessful login attempts. BAS employees are instructed not to write down passwords and to use sufficiently complex passwords that cannot be extrapolated.

3. Lock your Computer. BAS' internal computer screens automatically lock after a limited period of no access. The automatic locking feature is a necessary part of business today. All BAS employees are instructed to manually lock their computers if stepping away from their desks, without having to wait for the automatic lock.

4. Shred Paper. BAS maintains easily accessible shredders for employee use. If documents are scanned into our secure system, employees are advised to shred papers with identifying information.

5. Monitor Documents Left on Printer. The BAS privacy official and her delegate visit open printers throughout the day to monitor documents. If a document with personal information is inadvertently left on a printer, the document is confiscated and either returned to the generating employee or shredded.

BAS takes great interest in maintaining the privacy of personal information and continually implementing best practices for data security. Companies should review their privacy best practices to make sure they are in keeping with a changing workforce.

Topics: MyEnroll360 Security


Recent Posts

Question of the Week - Mid-Year Enrollment for Health Coverage

read more

OCR Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information

read more

Find your QELs in MyEnroll360

read more