Protecting customer data is the law and you have an obligation to your customers to handle their data with care. This of course becomes even more important when handling extremely sensitive health data. Insurance companies risk massive penalties and reputational damage from audits or data leaks.
The penalties for non-compliance with the GDPR are up to €20 million, or 4% annual global turnover – whichever is higher. No insurer should risk that. But we still meet insurers who naively trust a manual process to protect sensitive customer data.
Never trust a manual process
Medical advice is an especially vulnerable part of the claims process, where you share personal information and medical journals externally. With a letter of authorization, it's usually not a problem – but how you communicate and share your documents may expose you to high risk.
Encrypted emails give many insurers a false sense of security. The technology may be compliant, but like any manual process involving other people, it’s prone to human errors. Staying compliant becomes a battle to stay in control – relying on trust and sheer luck.
An example: you send a case to a medical advisor by email and attach the claim and medical journals.
Now you must trust the medical advisor to:
- Secure their computer with strong passwords and malware protection, and preferably have a way to erase the computer remotely if it is stolen
- Delete all documentation, including the email if it contains personal information, when the advisor finishes the case – which may be extra hard because many email clients automatically download all attachments
- Not accidentally leave a copy of the email in the inbox, "Drafts" or "Sent" folder
These points seem trivial, which only adds to the risk of forgetting them.
But they don't only apply to your medical advisor; the same goes for your claims handlers. If everyone follows the above process, you may be compliant. But how can you make sure?
To add complexity, if a customer requests you delete all personal information according to GDPR, which is their absolute right, do you know where all that information is?
Customer safety and your reputation as an insurance company become a gamble when you let manual processes such as email communications into your claims process.
A systematic approach
Luckily, there’s a solution to every problem. In the above case, the solution is quite simple: replace your manual management with a system that supports the process. With a tailored tool for personal injuries, you fully control your data and remain compliant – while keeping the customer secure.
Mavera DSS is that tool because it streamlines and safeguards all communication and document sharing with your medical advisors.
Here’s how it works:
- The system helps delete information when you no longer need it.
- You get a complete audit trail where you can track what happened, when, and by whom.
- Documentation is streamed to the medical advisors, preventing them from downloading any of it.
Mavera is also ISO 27001 certified and offers many security features, such as two-factor authentication and secure servers located in the EU/EEA.
There’s no point risking expensive penalties or data leaks anymore. Reach out, and let's talk about how we can make your claims process more secure.