Ind. Admin. Code tit. 760, r. 4-5-2
Authority: IC 27-19-1-4; IC 27-19-4-1
Affected: IC 24-4.9-1; IC 27-19-1-4; IC 27-19-4-1
Sec. 2. (a) The commissioner shall, in consultation with the secretary, develop a privacy and security agreement for navigators and application organizations pursuant to this rule.
(b) Navigators and application organizations shall maintain and protect all personal information received from individuals when assisting such individuals with application for and enrollment in a QHP through a health benefit exchange or in a public health insurance program with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality and to prevent unauthorized or inappropriate access, use, or disclosure of such personal information.
(c) Navigators and application organizations shall follow all state and federal laws governing the privacy and security of personal information received from individuals whom they are assisting with application for and enrollment in a QHP through a health benefit exchange or in a public health insurance program.
(d) Navigators and application organizations shall comply with the following safeguards to maintain and protect the confidentiality of personal information:
(e) If a security breach or improper disclosure of personal information occurs, the navigator or application organization shall:
(f) Navigators and application organizations shall make available their internal privacy practices and policies upon request by the department.
(g) If a navigator or application organization does not comply with the requirements of this rule, the commissioner may initiate an enforcement action against the navigator or application organization under 760 IAC 4-7.
(Department of Insurance; 760 IAC 4-5-2; filed Jun 10, 2016, 1:21 p.m.: 20160706-IR-760150033FRA; readopted filed Nov 30, 2022, 11:39 a.m.: 20221228-IR-760220302RFA)