Secure Email Policy

Scope

This policy applies to brokers, navigators and certified application counselors (CACs).

Policy Details

In carrying out their duties, assisters will handle one or more types of personally identifiable information (PII) concerning individuals. Federal and state law govern the use and disclosure of this data. Assisters are responsible for ensuring proper handling and safeguarding PII collected, created, used, maintained or disclosed on behalf of MNsure.

As part of the annual required privacy and security training, MNsure-certified assisters agree to use encryption, access restrictions or other data protection measures when storing, transmitting, remotely accessing or disseminating sensitive information in the performance of duties.

To meet their legal obligation to protect consumer privacy and personally identifiable information, assisters are required use a secure email when transmitting PII to the Assister Resource Center (ARC) or Broker Service Line.

As defined, above, PII includes, but is not limited to, a person’s name, birthdate, Social Security number, phone, address, tax credit information, household income, eligibility information, enrollment information, tax filing status, income, family size and health information.

Procedures

Assisters must request a secure email for any inquiry that contains protected information. The ARC and Broker Service Line will not respond to emails that contain PII that has not been sent securely.

Procedure for Agents and Brokers

1. Send a regular email to the Broker Service Line at brokers@mnsure.org, and in the subject line, type "request secure email."
2. The Broker Service Line will send a secure email redirecting with a link to a secure site.
3. Go to that site to set up an account.
4. Secure emails may then be sent from that account to the Broker Service Line. Secure emails do not expire and can be re-used. When reusing a secure email update the subject line to reflect the type of case you are submitting.

Procedure for Navigators and CACs

1. Send a regular email to the ARC at navigators@mnsure.org, and in the subject line, type "request secure email."
2. The ARC will send a secure email redirecting with a link to a secure site.
3. Go to that site to set up an account.
4. Secure emails may then be sent from that account to the ARC. Secure emails do not expire and can be re-used. When reusing a secure email update the subject line to reflect the type of case you are submitting.

Assisters that have their own encrypted email service may request permission to use that service instead. The request should be submitted to the ARC (navigators and certified application counselors) or the Broker Service Line (agents and brokers) so that the service can be reviewed for compliance with MNsure’s encryption standards. Generally, MNsure currently accepts emails encrypted using Microsoft or ZixCorp, but MNsure may request additional information about the encryption service.

Terms and Definitions

• Assister: Refers to brokers, navigators and certified application counselors (CACs)
• Personally identifiable information (PII): Any information about an individual maintained by an agency, including 1) any information that can be used to distinguish or trace an individual's identity. such as name, Social Security number, date and place of birth, mother's maiden name or biometric records; and 2) any other information that is linked or linkable to an individual, such as medical, educational, financial and employment information.

References

• Exchange Privacy Rule (45 C.F.R. § 155.260)
• Health Insurance Portability and Accountability Act (HIPAA)
• Minnesota Administrative Rules, Privacy and Security (part 7700.0080)
• Minnesota Government Data Practices Act