NextAgency is a comprehensive combination of agency management and employee management software. In developing the technology, we followed five principles:
- Start with brokers: build from brokers out.
- Don’t interfere: broker-client relationships are paramount.
- Empower choice: brokers and clients choose their own vendors.
- Be realistic: don’t overpromise.
- Protect data: offer secure systems and clear permissions.
Taken together, these principles explain both what we’ve built and what we’ll be developing in the future. Part I and Part II of this article explored the first four principles. This post describes the fifth.
Privacy and data security matter. It may not seem like it in an age where companies like Facebook and Google are among America’s most valued enterprises primarily because of their ability to gather, track and sell your private information. Which is not only creepy, but the loss of privacy is dangerous for a variety of reasons. For insurance professionals, especially those selling health care coverage, respecting the privacy of your clients is not only right, but legally necessary. There are serious legal and financial consequences for violating HIPAA and the HITECH Act, just to name two privacy laws insurance professionals need to know about.
All of which means, when you entrust protected or sensitive information to a technology, you need to know you can trust that technology. NextAgency was built to be a fortress for this kind of information. We use strong encryption standards, including 256-bit SSL starting at log-on. When data is transferred we employ high-grade TLS. When the data is at rest, meaning its on our servers, we implement multi-layered encryption with AES-128. Encryption keys are stored separately from your data. We have an outside firm regularly test our privacy defenses. In short, we keep your and your client’s data safe. (If this paragraph reads like gibberish to you, share it with your local IT specialist. They’ll be impressed.)
We address the human element of security, too. If you use our NextConcierge service to set-up NextAgency, we’ll enter into a Business Associate Agreement with you. Otherwise access to your data is greatly restricted, requires multiple authorizations and is granted only for specific tasks.
While NextAgency protects personal and financial data, we recognize you and your clients need to do so well. Again, it’s more than just a moral and social need, there’s a legal ramification as well. If your computer system is hacked, the authorities send two teams to your office. The first will look for the thief. The second will find out why you had that data in the first place. Which means what client data you have in your system matters.
Some HR platforms you can give to your clients allow your agency to see whatever information your clients enter into their system. We think this is dangerous. If your goal is to obtain a proposal for medical coverage, do you need employee banking information? No. And if you don’t need this data, then you shouldn’t have it. The potential liability if there’s a breach outweighs any benefit of having it close at hand before you need it. Which is why NextHR gives your clients broad powers to determine what they share with your agency. We think that’s safer for them and you.
Similarly, you may want to control what information your colleagues and staff have access to about your clients. Does everyone need to see commission statements? Again, no. Consequently, we give you the authority to restrict that access.
No data security system is perfect. Any system can be hacked. Just ask Sony, Target or the NSA. By combining technology and strong permissions, however, we improve to create a very strong system. Proper handling of sensitive data is an important part of what we’ve built into NextAgency. It will continue to be an important element of what we build in the future as well.