Unum has reviewed the HIPAA law and related final regulations to ensure full and
timely compliance of Unum's systems and procedures with applicable HIPAA
requirements.
Unum has reviewed the Standards for Privacy of Individually Identifiable Health
Information promulgated by the Department of Health and Human Services
(HHS) pursuant to HIPAA and is complying with these regulations for impacted
products. Most health plans that are covered by the regulations were required
to comply with the new requirements by April 14, 2003.
Please note that the majority of Unum's products are exempt from HIPAA mandates.
For example, Long Term Disability, Short Term Disability, Life, Supplemental
Disability, Accident and Critical Illness coverages are excluded from the HIPAA
privacy regulations. However, certain products are covered including Long Term
Care and various "medical" plans such as Cancer policies (hereafter, "covered
products").
For Long Term Care and other products covered under the HIPAA privacy
regulations, Unum has amended numerous service provider (business associate)
contracts, developed and distributed privacy notices to covered policyholders,
and revised our application and claim authorizations for those products
impacted by the privacy regulations. We are also using HIPAA authorizations
during our underwriting and claims processes for products not covered by HIPAA
to facilitate collection of health information from health care providers who
are covered by HIPAA.
Unum is in the process of enhancing our Enterprise Security Framework. This
will give Unum a unified security framework that provides the direction to
ensure the availability, integrity and accuracy of company assets, customer
data, and personally identifiable information. The framework will provide the
foundation that enables secure access to company assets by employees,
customers and business partners any time from anywhere. Components include,
but are not limited to:
- Security policies, procedures and guidelines
- Security awareness and training
- Risk assessment and management
- Data classification
- Security monitoring and reporting
- Incident response/management
- Security consulting
- Security auditing
- Implementation/utilization of the security tools of the trade.
Unum is using the Information Security Standards of ISO 17799 as well as
HIPAA security requirements as guides to the development of this framework. Our
goal is to be in compliance with these standards by the compliance date.
Federal regulations adopted under HIPAA establish "Standard Transactions and
Code Sets" for the sharing of certain data by electronic means. These standards
for data elements, code sets and formats are to be used by certain entities
("covered entities") when those entities use electronic data interchange
to conduct certain transactions ("covered transactions") for insurance products
that are covered by HIPAA ("covered products"). "Covered entities" include
certain insurers to the extent their insurance products are covered products.
"Covered transactions" are certain HHS-defined transfers, via electronic media,
of information to carry out financial or administrative activities related to
covered products.
Unum has undertaken an extensive review and inventory of its products and data
transfers to verify those that are within the scope of the HIPAA definitions.
We have developed policies and procedures so that Unum is capable of conducting
covered transactions with respect to our covered products using the mandated
Standard Transactions and Code Sets.