Secure Email Policy

Scope

This policy applies to MNsure-certified assisters, which includes brokers, navigators and certified application counselors (CACs).

Policy Details

In carrying out their duties, assisters will handle one or more types of individuals' personally identifiable information (PII). Federal and state law govern the use and disclosure of this data. Assisters are responsible for ensuring proper handling and safeguarding PII collected, created, used, maintained or disclosed on behalf of MNsure.

As part of the annual required privacy and security training, MNsure-certified assisters agree to use encryption, access restrictions or other data protection measures when storing, transmitting, remotely accessing or disseminating sensitive information in the performance of duties.

To meet their legal obligation to protect consumer privacy and personally identifiable information, assisters are required use a secure email when transmitting PII to the Assister Resource Center (ARC) or Broker Service Line.

As defined, above, PII includes, but is not limited to, a person’s name, birthdate, Social Security number, phone, address, tax credit information, household income, eligibility information, enrollment information, tax filing status, income, family size and health information.

Procedures

Assisters must request a secure email for any inquiry that contains protected information. The Assister Resource Center (ARC) and Broker Service Line (BSL) will not respond to emails that contain PII that has not been sent securely.

Assisters that have their own encrypted email service may request permission to use that service instead. Navigators and certified application counselors can submit a request to the Assister Resource Center (ARC) and brokers can submit a request to the Broker Service Line (BSL). The service will be reviewed for compliance with MNsure’s encryption standards. Generally, MNsure currently accepts emails encrypted using Microsoft or ZixCorp, but MNsure may request additional information about any encryption service.

Procedure for Agents and Brokers to Request a Secure Email from MNsure

1. Send a regular email to the Broker Service Line at brokers@mnsure.org, and in the subject line, type "request secure email."
2. The BSL will send a secure email redirecting with a link to a secure site.
3. Go to that site to set up an account.
4. Secure emails may then be sent from that account to the BSL. Secure emails do not expire and can be re-used. When reusing a secure email update the subject line to reflect the type of case you are submitting.

Procedure for Navigators and CACs to Request a Secure Email from MNsure

1. Send a regular email to the Assister Resource Center at navigators@mnsure.org, and in the subject line, type "request secure email."
2. The ARC will send a secure email redirecting with a link to a secure site.
3. Go to that site to set up an account.
4. Secure emails may then be sent from that account to the ARC. Secure emails do not expire and can be re-used. When reusing a secure email update the subject line to reflect the type of case you are submitting.

How to Open a Secure Email from MNsure (Brokers, Navigators and CACs)

1. A secure email from MNsure will come from an email address ending in @state.mn.us. The subject line will say "Encrypted Email." The content of the email will say: [Sender's name and email address] has sent you a protected message. There is a blue colored button that says "Read the message" with a padlock icon above it. Select this button to open and access the encrypted email.
2. If you are expecting an email from MNsure and have not received it, check your junk or spam folders before emailing the ARC or Broker Service Line again.

References

• Exchange Privacy Rule (45 C.F.R. § 155.260)
• Health Insurance Portability and Accountability Act (HIPAA)
• Minnesota Administrative Rules, Privacy and Security (part 7700.0080)
• Minnesota Government Data Practices Act