Retaining Personal Identifying Information with Permission & for a Purpose

Username & Pword healthcare.govEnrollment Assisters:

One way to save anywhere from 15 minutes to an hour during an enrollment appointment is to avoid having to reset a client’s username and password for a new email address or healthcare.gov. Saving this information from year to year is a sensitive Personally Identifying Information (PII) issue but CMS does in fact, allow it with the proper forms.

CMS makes it clear that PII can’t be saved without the expressed permission of the client and without the expressed purpose of using the information to follow up on an appointment (for next year, to confirm times, etc).  Including a line about retaining a username and password is also permissible if the above requirements are met.

Assisters, make a point of starting this practice if you have not yet. Also remember that these forms must be stored securely!

Here is a model CMS form that could be used as a starting point. If your organization already has satisfactory privacy notice statements, a form more like this one could be used at an organization in Nebraska as well.  Further information can be found in this CMS Suggested Guidance.

Leave a Reply

Your email address will not be published.