No SAS-70? That Should Signal an S.O.S!
Your Ship Could Have “Leaks!”

YOU CAN BE HELD PERSONALLY AND CORPORATELY LIABLE if your insurance advisor does not meet SAS-70 standards!

If you or your advisor fails to adequately protect your employees’ privileged medical and financial information, it could result in FINES and even PRISON time for you.

Just because you execute Business Associate Agreements under HIPAA with advisors doesn’t mean their processes have been TESTED to make sure they really aren’t leaking any Protected Health Information – which can lead to unnecessary headaches and liability for you and your company.

The penalties can be severe for companies whose advisors breach confidentiality rules. To gauge potential damage, HIPAA’s sanctions include:

  • $50,000 in fines and one year in prison for improper disclosure of protected health information
  • $100,000 in fines and five years in prison for obtaining protected health information under false pretenses
  • $250,000 in fines and 10 years in prison for obtaining or disclosing protected health information for personal gain, malicious intent or financial enrichment

The Statement on Auditing Standards (SAS) 70, an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants, is a quality-control tool that assures that the processes your advisor SAYS are secure actually ARE secure. Many advisors say they meet the declared level of security as required under:

  • SOX (Sarbanes-Oxley Public Company Accounting Reform and Investor Protection Act)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • FACTA (Fair and Accurate Credit Transactions Act)
  • The Gramm-Leach-Bliley Act, which governs the collection, disclosure and safeguarding of personal financial information
  • State-specific regulations that place additional responsibility on brokers to maintain the confidentiality of client data

But are they SAS-70 certified? Has an outside Auditor verified that their processes really do work?

WHAT YOU CAN DO
Choose advisors who have processes in place to protect you. Ask your advisors to answer the following questions. If even one of the answers is “no,” your company may be responsible and liable under the law.

  • Has your advisor signed a full Business Associate Agreement pledging protection of your employees’ data?
  • Has the Business Associate Agreement been amended to include the provisions of the HIPAA Electronic Security measures?
  • Has your advisor provided staff and supervisory training to your employees regarding the provision of the HIPAA requirements and responsibilities?
  • Does your advisor subscribe to an outside auditing service to assure the data is secure?
  • Can your advisor provide an SAS-70 certification verifying its own processes so you can be certain all steps have been taken to guarantee client data confidentiality?

Here’s one BIG question for YOU:
Have you received an independent Certificate of Compliance regarding your current processes?

Don’t let your advisors undermine your company by giving away privileged information – and don’t leave yourself vulnerable.

Corporate Synergies has passed its SAS-70 Audit, verifying our internal processes. Be confident that we know the ins and outs of confidentiality as it pertains to this critical audit process. Call us today at 1-866-CSG-1719 or click HERE to contact us immediately with your concerns.

1.866.CSG.1719 | 200 East Park Drive | Suite 600 | Mt. Laurel, NJ 08054 | www.corpsyn.com
© 2007 Corporate Synergies Group, Inc. Corporate Synergies S.M. Corporate Synergies Group, Inc.