Explore ObamaCare
Call us Today
(862) 262-2273

Information Security And Agents

Questions answered

Information security is vital to the Marketplaces. The goal of an information security program is to understand, manage, and reduce the risk to information under the control of the organization.

Information security refers to the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

  • Information security is achieved through implementing technical, management, and operational measures designed to protect the confidentiality, integrity, and availability of information.
  • The goal of an information security program is to understand, manage, and reduce the risk to information under the control of the organization.
  • In today’s work environment, many information systems are electronic; however the Department of Health and Human Services (HHS) has a media neutral policy towards information. This means that any data must be protected — whether it is in electronic, paper, or oral format.

Protecting Information

There are three key elements to protecting information:

Confidentiality: Protecting information from unauthorized disclosure to people or processes.

Availability: Defending information systems and resources from malicious, unauthorized users to ensure accessibility by authorized users.

Integrity: Assuring the reliability and accuracy of information and information technology (IT) resources. 

Threats, Vulnerabilities, and Risks

Threats and vulnerabilities put information assets at risk.

A threat is the potential to cause unauthorized disclosure, changes, or destruction to an asset. Impacts of a threat can include a potential breach in confidentiality, a potential breach in integrity, and the unavailability of information. There are different types of threats. Threats can be natural, environmental, and man-made.

A vulnerability is any flaw or weakness that can be exploited and could result in a breach or a violation of a system’s security policy.

A risk is the likelihood that a threat will exploit a vulnerability. For example, a system may not have a backup power source; hence it is vulnerable to a threat such as a thunderstorm. The thunderstorm creates a risk to the system

Threats to Your Computer

It is essential that computers used to conduct business in the Federally-facilitated Marketplaces are protected from harmful computer programs, applications, and malware. As an agent or broker, it is your responsibility to ensure that the computer you use to access a Federally-facilitated Marketplace is regularly updated with the latest security software to protect against any cyber-related security threats.

Malware, short for malicious software, is software designed to harm or secretly access a computer system without the owner's informed consent. It is a generic term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Malware is also known as pestware.

Types of malware include (click on each for more information):

  • Virus
  • Trojan Horse
  • Worms
    • Spyware
    • Adware
  • Rootkits
  • Crimeware
  • Scareware


Protection Against Viruses and Malware

To best protect your computer, ensure that your system has up-to-date malware protections installed.

Anti-virus software

Anti-virus software is a computer program that identifies and removes computer viruses and other malicious software like worms and trojan horses from an infected computer. It also protects the computer from further virus attacks. 

Anti-virus software examines every file in a computer with the virus definitions stored in its virus dictionary: an inbuilt file that contains code identified as a virus by the anti-virus authors.

You should regularly run an anti-virus program to scan and remove any possible virus attacks from a computer. Most commercially-available anti-virus software automatically provides virus updates daily.


Anti-spyware can also provide real-time protection against the installation of spyware on your computer. This type of spyware protection works like anti-virus protection by scanning and blocking all incoming network threats. It also detects and removes spyware that has already been installed into the computer. Anti-spyware scans the contents of the windows registry, operating system files, and installed programs on the computer and provides a list of any threats found.


Agents and brokers can apply certain controls to protect information within the Marketplace. Controls are policies, procedures, and practices designed to manage risk and protect IT assets.

Common examples of controls include:

  • Security awareness and training programs
  • Physical security — like guards, badges, and fences
  • Restricting access to systems that contain sensitive information


Password Protection Tips

There are steps agents and brokers can take to help promote information security in the Marketplaces.

  • Change your password often. 
  • Change your password immediately if you suspect it has been compromised.
  • Use a different password for each system or application.
  • Do not reuse a password until six other passwords have been used.
  • When choosing your password, do not use generic information that can be easily obtained — like family member names, pet names, birth dates, phone numbers, or vehicle information.
  • NEVER share your password with anyone!



Patches are updates issued by the vendor that fix a particular problem or vulnerability within a software program. Patch management is a critical business function for effective data risk management.

To mitigate the impact of any potential attacks, agents and brokers should ensure the operating systems and applications on their computers remain patched with the latest security updates from their vendors.

In addition to the security consequences of not installing the most recent patches to your system, recovery from attacks and infections can be expensive and prolonged. To limit risk and vulnerability, pay attention to security alerts and conduct patch management systematically. Schedule patching activities as a regular part of your business routine, and allow flexibility for emergencies.

Media Protection

In addition to protecting your computer and related systems, it is critical that you protect various media forms as well. Click on each of the following to read more:

  • Protect Sensitive Unclassified Information
  • Protect Your Equipment
  • Protect Your Area
  • Printing, Faxing, and Postal Mailing
  • Protect E-mail and Conversations

Security Incidents

Security incidents are a potential threat to the integrity of PII. A security incident occurs when there has been an attempted or successful unauthorized access, use, disclosure, modification, or destruction of data; or interference with system operations in an information system. 

Examples of security incidents include:

When the security incident involves the actual or even suspected loss of PII, that incident is considered a privacy breach.

Agents and brokers should have documented procedures for incident handling and breach notification. These procedures should address how to:

Responding to a Privacy Incident

Consistent with federal law, an agent or broker must report all PII incidents to the Marketplace, and make reasonable efforts to mitigate such incidents.

Any incident involving the loss or suspected losses of PII should be reported in accordance with health insurance issuer requirements or state laws in which an agent or broker operates.

Additionally, if the incident involves a possible improper inspection or disclosure of federal tax information (FTI), the individual making the observation or receiving information should contact the office of the appropriate Special Agent-in-Charge, Treasury Inspector General for Tax Administration (TIGTA), and the Internal Revenue Service (IRS). Agents and brokers in the Individual Marketplaces may possibly encounter FTI when assisting with an eligibility appeal. Remember, FTI may not be disclosed to anyone without proper authorization.

The organization that experiences a breach must determine whether or not to provide notice to individuals whose data has been lost or breached, and will bear any costs associated with the notice or any necessary mitigation actions.

Go Back to Insurance Agent Resources


Agents and Brokers are required to be trained to assist consumers with the application and decision making process. Using an Agent to enroll in a ObamaCare Health Plan will be the primary choice of many americans. After all agents have the inside track on companies and their promptness to handle claims and pay benefits in atimely fashion.

Our Agents are available 7 days a week.

We offer a free consultation which entails speaking one on one with a knowledgable Agent that has been state licensed and trained to answer your questions.

Next Topic: Coverage Basics

Find Out How Much You Can Save!

Get Todays Health Insurance Rates

Take the first step forward.
Start with a free confidential conversation.
Give us a call (862) 262-2273
*ExploreObamacare.com is not affiliated with any government agency. All information provided is for informational purposes only and no guarantee of the accuracy is hereby implied. The information was the product of researching the Affordable Care Act Bill and is subject to change.
Copyright © 2013 Explore ObamaCare| XML SiteMap | Privacy Policy | Contact Us | Obamacare Facts | Mobile Site