fbpx

DNC Policy and Procedure

1. Purpose

The purpose of this policy is to establish clear guidelines and procedures to ensure compliance with all applicable laws and regulations governing telephone solicitations. Open Enrollment Healthcare is committed to respecting the privacy and preferences of our clients and potential clients. This policy outlines our procedures for managing and honoring DNC requests in compliance with relevant regulations. These include, but are not limited to, the Telephone Consumer Protection Act (TCPA) and the Telemarketing Sales Rule (TSR). Adherence to this policy helps protect consumer privacy and maintain the integrity and reputation of Open Enrollment Healthcare.

2. Scope

This policy applies to all employees, agents, and representatives of Open Enrollment Healthcare agencies who engage in telephone solicitation activities or customer service related questions and concerns on behalf of the company. Telephone solicitation encompasses any activity aimed at encouraging the purchase of goods or services via phone calls.

3. Definitions

  • Do Not Call List: A list of phone numbers belonging to individuals who have requested not to receive telemarketing calls.
  • Telephone Solicitation: Any telephone call made for the purpose of encouraging the purchase of goods or services.
  • Express Consent: Verifiable agreement from a consumer to receive telemarketing
    calls.

4. Compliance with Regulations

Open Enrollment Healthcare is committed to complying with all laws and regulations related to telephone solicitations. This includes, but is not limited to, adhering to the rules and regulations set forth by the TCPA, applicable state laws, and TSR. In addition to our internal Do Not Call list, we comply with the National Do Not Call Registry. All outbound calls are checked against the National DNC Registry before being made. Our company subscribes to and downloads the National Do Not Call Registry list at least every 31 days.

5. Procedures

Do Not Call List Maintenance

Collection and Updating

  • The DNC list shall be updated regularly to include the National Do Not Call Registry maintained by the Federal Trade Commission (FTC) and any internal lists specific to Open Enrollment Healthcare.
  • Any request from consumers to be added to the internal DNC list must be processed within 24 hours of the request and updated before the next solicitation occurs.

Access and Use

  • All employees involved in telephone solicitation must have access to the most current version of the DNC list.
  • Prior to making any solicitation call, the DNC list should be consulted to ensure compliance.

Retention

  • Records of requests to be added to the DNC list, including the request date and the requesting consumer’s details, must be maintained securely for a minimum of five years.

Obtaining Express Consent

Written or Verifiable Oral Consent

  • Express consent can be obtained either through written documentation, such as a signed agreement, or through verifiable oral consent, such as a recorded verbal agreement or by obtaining consent through the terms and conditions on the company’s website(s) such as the example below.
    • “All information I have submitted is accurate and I will receive a quote based on this form’s entries. I agree to the Terms and Conditions of this website, and consent to Open Enrollment Healthcare or its affiliates contact me via telephone or sms message with an insurance quote.”
  • Consent must include a clear understanding from the consumer that they agree to receive telemarketing calls from Open Enrollment Healthcare.
  • Open Enrollment Healthcare’s Terms and Conditions are listed on our websites as follows:
    • TERMS AND CONDITIONS FOR OPEN ENROLLMENT HEALTHCARE INSURANCE AGENCY
    • Welcome to our platform. By engaging with our website, mobile app, or any additional services we provide, you consent to adhere to these Terms and Conditions. It’s crucial to carefully review these Terms and Conditions prior to using our services.
    • Overview
    • Open Enrollment Healthcare offers insurance brokerage services to both individuals and businesses. These services are governed by the Terms and Conditions outlined here, which apply to our website, mobile app, and any other services we may offer.
    • Consent to Terms
    • By accessing and using our services, you confirm that you have read, understood, and agreed to these Terms and Conditions. If you do not agree with these terms, you should refrain from using our services.
    • Changes to Terms
    • We reserve the right to modify these Terms and Conditions at any point. Should there be any significant changes, we will notify you by updating the Terms and Conditions on our website or mobile app. Continuing to use our services after such changes implies your agreement to the new terms.
    • Requirements for Use
    • Our services are available to individuals who are at least 18 years old. By using our services, you declare that you meet this age requirement.
    • Insurance Services Offered
    • As an insurance broker, we assist in obtaining insurance quotes, facilitating the acquisition of insurance policies, and offering ongoing support. It’s important to note that we are not an insurance provider; the insurance products we facilitate are from third-party insurers.
    • SuitableUse of Services
    • Our services should be used in a lawful manner and in compliance with these Terms and Conditions. Any use that could harm, disrupt, or interfere with the operation of our website, mobile app, or services is prohibited.
    • Account Responsibility
    • If our services require an account, you are responsible for keeping your account details confidential and for all activities under your account. Immediate notification is required if there is unauthorized use of your account.
    • Fees
    • Some of our brokerage services may involve fees. You will be informed of any fees in advance of using our services, and by proceeding, you agree to these charges.
    • Intellectual Property Rights
    • The content and materials on our website and mobile app, including but not limited to text, images, and logos, are owned by Open Enrollment Healthcare or its licensors and are protected by copyright laws. Any use of these materials without express permission is prohibited.
    • No Warranties Provided
    • We offer our services on an “as is” and “as available” basis without warranties of any kind, either explicit or implied. We do not guarantee uninterrupted service or the correction of any service errors.
    • Liability Limitation
    • Under no circumstances shall Open Enrollment Healthcare, its affiliates, or its personnel be liable for any direct, indirect, or consequential damages related to your use of our services.
    • Agreement to Indemnify
    • You agree to indemnify and hold Open Enrollment Healthcare and its affiliates harmless from any claims, damages, or expenses arising from your use of our services.

Documentation

  • Detailed records of how and when express consent was obtained must be kept. This documentation serves as proof of compliance in case of any disputes or audits.

Call Restrictions

Time Restrictions

  • Telemarketing calls must be made only during permissible hours: 8 AM to 9 PM local time of the called party. This ensures respect for consumers’ personal time and reduces the likelihood of inconvenience.

Caller Identification

  • The caller must clearly identify themselves at the beginning of the call, including their name, the entity they are representing (Open Enrollment Healthcare), and a contact number or address for further inquiries.
  • This introduction must be delivered in a clear and understandable manner, ensuring that the recipient of the call can easily identify who is calling and on whose behalf.
    • Transparency and Trust
  • Clear identification at the beginning of the call helps to build trust and credibility with the recipient.
  • It also provides the recipient with the information they need to verify the legitimacy of the call and to contact our company for any follow-up questions or concerns.
  • Call recordings are periodically reviewed to ensure compliance with the caller identification policy. Any deviations from the prescribed identification procedure will be addressed promptly, with additional training provided as necessary.
    • Procedure for Ensuring Proper Caller Identification
  • Training – Employees and agents are provided with a detailed script and guidelines on how to introduce themselves at the beginning of each call. Ongoing training sessions are held to reinforce the importance of clear and accurate caller identification. Training includes role-playing exercises to practice and reinforce the correct way to introduce themselves and the company at the beginning of each call.
  • Call Script – A standardized call script is provided to all employees and agents, which includes the required elements of the caller introduction. Employees and agents are encouraged to personalize the script while maintaining the core identification requirements.
  • Monitoring and Feedback – Supervisors and managers regularly monitor call recordings and live calls to ensure compliance with the caller identification policy. Feedback is provided to employees and agents on their performance, with specific attention to how well they adhere to the identification requirements.

Honoring DNC Requests

  • If a consumer requests to be placed on the DNC list during a call, this request must be honored immediately. No further calls should be made to that consumer from the date of the request.
  • Clients can request to be added to our DNC list by calling our customer serviceline or emailing us.
  • Employees who receive these requests must record the client’s name, phone number and the date of the request.

Employee Training and Accountability

Training Programs

  • All relevant employees must participate in comprehensive training programs detailing the DNC policy, TCPA, TSR, and other related regulations. This training should be completed upon hiring and refreshed at regular intervals.

Compliance Monitoring

  • Open Enrollment Healthcare will conduct regular audits and monitoring to ensure adherence to the policy. Employees who do not comply with the policy may face disciplinary actions, up to and including termination of employment or contract.

6. Record-keeping and Reporting

Record Retention

  • All records related to telephone solicitation activities, including proof of express consent, call logs, and records of DNC requests, must be retained for at least five years. This ensures that documentation is available for any regulatory or internal compliance review.

Incident Reporting

  • Any potential breaches of this policy, including failures to comply with DNC requests or other regulatory requirements, must be reported immediately to the compliance officer. Prompt reporting enables timely investigation and resolution.

Non-Compliance

  • Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract with Open Enrollment Healthcare.

7. Confidentiality and Privacy

  • Open Enrollment Healthcare is committed to protecting the confidentiality and privacy of consumer information obtained during the enrollment process.
  • Consumer information will only be used for the purpose of assisting with enrollment and will not be shared with third parties without the consumer’s express consent, except as required by law.
  • All employees, agents, and representatives of Open Enrollment Healthcare must maintain the confidentiality of consumer PII and PHI, both during and after their employment or contractual relationship with the company.

8. Review and Revision

Policy Review

  • This policy will be reviewed annually to ensure it remains current with all applicable laws and regulations. Revisions will be made as needed to address any changes in legislation or internal practices.

Feedback and Improvement

  • Employees are encouraged to provide feedback on the effectiveness of the policy and suggest improvements. Continuous improvement is essential for maintaining robust compliance and operational efficiency.

By adhering to these guidelines and procedures, Open Enrollment Healthcare aims to
respect consumer privacy, uphold legal and regulatory requirements, and maintain a
positive company reputation.

9. Protection of Consumer Personally Identifiable
Information (PII) and Protected Health Information (PHI)

Purpose

  • The purpose of this policy is to establish guidelines and procedures to protect consumer Personally Identifiable Information (PII) and Protected Health Information (PHI) collected, processed, or maintained by Open Enrollment Healthcare in accordance with applicable laws and regulations.

Scope

  • This policy applies to all employees, agents, and representatives of Open Enrollment Healthcare who handle consumer PII and PHI in the course of their duties.

Definitions

  • Personally Identifiable Information (PII): Any sensitive or non-sensitive information that can be used to identify or locate an individual, including but not limited to names, addresses, Social Security numbers, and financial information.
  • Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form or medium, as defined by the Health Insurance Portability and Accountability Act (HIPAA).
  • Covered Entity: ACA Insurance Agency, as a licensed insurance agency, is considered a covered entity under HIPAA regulations when handling PHI.

Collection and Use of PII and PHI

  • Open Enrollment Healthcare will only collect and use consumer PII and PHI for lawful purposes related to the provision of insurance products, determining eligibility for subsidies, and processing of enrollment applications.
  • PII and PHI will be collected directly from consumers with their consent, and only shared with Health Insurance Marketplace and selected health insurance carriers to complete the enrollment process.
  • Open Enrollment Healthcare collects PII and PHI directly from consumers with their explicit consent.
  • Information collected includes, but is not limited to, name, address, Social Security number, date of birth, health information and financial information.
  • Consumers are informed about the types of information collected and the purposes for which it will be used at the time of collection.
  • Consumers can withdraw their consent for the collection, use and sharing of their PII and PHI at any time.
  • Upon withdrawal of consent, Open Enrollment Healthcare will cease using and sharing the consumer’s PII and PHI.
  • Consumers can file complaints if they believe their PII or PHI has been handled improperly.
  • Complaints are investigated promptly, and corrective actions are taken as necessary.

Security Measures

  • Open Enrollment Healthcare will implement appropriate administrative, technical, and physical safeguards to protect consumer PII and PHI from unauthorized access, disclosure, alteration, or destruction.
  • Access to PII and PHI will be restricted to authorized employees, agents, and representatives who require such information to perform their duties. Employees, contractors and agents receive training on data security and privacy best practices.
  • Consumer information will not be shared with third parties for marketing purposes without explicit consent.
  • A CRM system with robust security measures and any third-party platforms used
    will protect consumer information from unauthorized access or breaches.

10. Data Breach Response

Definitions

Data Breach: An incident where information is accessed without authorization, resulting in the potential or actual compromise of the confidentiality, integrity, or availability of PII or PHI.

  • Open Enrollment Healthcare is dedicated to maintaining the security and confidentiality of consumer PII and PHI. In the event of a data breach, the company will take immediate and appropriate action to investigate, mitigate and communicate the breach in compliance with applicable laws and regulations.
  • Upon receiving a report of a data breach, the Compliance Officer will initiate a thorough investigation to determine the scope, cause, and impact of the breach.
  • The investigation will involve identifying the affected systems, data types, and individuals, as well as assessing the potential risks and damages resulting from the breach.
  • External forensic experts may be engaged if necessary to assist with the investigation.
  • All employees, contractors, and agents must report any suspected or confirmed data breach involving PII or PHI immediately to their direct supervisor, manager or Compliance Officer.
  • Reports shall include all relevant details, such as the nature of the breach, the type of information involved, and the potential scope of the breach.
  • Open Enrollment Healthcare will promptly investigate and respond to any suspected or confirmed breaches of consumer PII or PHI in accordance with applicable laws and regulations.
  • Individuals affected by a data breach will be notified as required by law. Notifications will include:
    • A description of the breach and the types of information involved.
    • The steps Open Enrollment Healthcare is taking to address the breach and mitigate harm.
    • Recommendations for actions individuals can take to protect themselves from potential harm.
    • Contact information for further inquiries and assistance.
  • Immediate steps will be taken to contain the breach and prevent further unauthorized access to PII or PHI. This may include isolating affected systems, changing access credentials, and deploying additional security measures.
  • Efforts will be made to recover any compromised data and to secure backups.

Remediation and Follow-up

  • Affected individuals will be provided with resources to help protect their information and mitigate potential harm, such as credit monitoring services and identify theft protection.
  • Open Enrollment Healthcare will review and update security measures and policies to prevent future breaches.
  • Training programs will be enhanced to ensure that employees, contractors, and agents are aware of best practices for data protection and breach prevention.
  • Regular reviews of breach response procedures will be conducted to identify areas for improvement.
  • Lessons learned from each breach incident will be used to enhance overall security practices and policies.

11. Contact Information

For questions or concerns regarding this policy, employees, agents, and representatives may contact the designated compliance officer at: e.tolkachev@acmeinsuranceagency.com.

Or by mail at:

Open Enrollment Healthcare

1690 S Congress Ave

Suite 120

Delray Beach, FL 33445