Health Care Facility | Insurers | Related Initiatives  

Storing and Sharing Information

Each Insurer is expected to train their staff on their organization’s privacy, retention rules as well as cybersecurity measures to protect the data in the HCAI system and the Insurer system.

Insurers are asked to:

  • Ensure your staff has privacy/security training on a regular basis and that changes in the HCAI system are communicated in a timely manner
  • Provide access on a role-based model and promptly remove or change access as staff moves or leaves—this includes the management of third party adjusters
  • Assist in any investigation should there be a breach involving your organization’s data

Dos and Don’ts

  • Do ensure information is directed to the correct Facility.  Especially with OCFs, which contain personal information in them.
  • Do protect paper copies of signed OCFs. Once an OCF is printed, it is the responsibility of the Insurer to protect it. Paper copies of the OCFs should follow best business practices for printing, storing, and disposal. Retention guidelines should define which version is the official copy and apply separate and shorter time lines for copies.
  • Do not fax or mail any claimant information to HCAI. Insurers must only submit claimant information via the electronic system ( or through your integrated system). Faxing or mailing to HCAI will constitute a breach of privacy and the Insurer will be notified. The information will be shredded by HCAI.
  • Do not copy data to the hard drive of a portable unit or storage device unless known to your supervisor.