Companies offering personal insurance (provident, disability, health expenses, etc.) collect sensitive data, particularly medical data on prospects and clients in order to issue their contracts. How can we ensure that this processing is protected and compliant?
The advice given in this article is valid for all insurance management intermediaries: from brokers to insurance companies and delegated authorities.
All of these companies are required to generate application forms for the quotation and signing phase based on identity documents, proof of address, medical questionnaires, more complete medical records, care invoices, etc. (which must also be collected securely). These application forms contain information that is just as sensitive as the documents collected from the prospect.
Traditionally, the application form is sent by mail to the end customer, who must return it signed in a sealed envelope. This is no longer acceptable to end customers in the digital age, who demand a 100% digital experience.
Dematerializing these forms is subject to various very strict data protection regulations (GDPR, management of the medical bubble under Article 226-13 of the French Penal Code, etc.), which carry heavy penalties in the event of non-compliance.
Seald works with several companies in the sector to support them in the protected dematerialization of these documents.
In order to respond effectively to this problem, several criteria must be met:
- only the people in the medical bubble (including internal and external staff such as management delegates or Business Process Outsourcing companies) must be able to read these documents, taking into account staff turnover;
- each activity must be traced so that appropriate protection can be demonstrated in the event of an audit;
- protection must be transparent and maintained throughout the document lifecycle to facilitate use and avoid uncontrolled data leaks.
To be sure to protect documents throughout their entire lifecycle, they must be protected as early as possible with Seald technology.
This happens in two phases:
- The documents are first generated, and the business application that produces them must protect them so that they are encrypted at rest.
- They are then signed:
  - either digitally, and the signed document must be protected along with its certificate of signature;
  - or manually, and the scanned signed document must be protected.
The teams in the medical bubble work on them in a transparent and protected way; any other access is denied, wherever the protected document is hosted.
Seald does not store, archive or transfer documents in this use case. Seald is fully compatible with all commonly used storage, EDM and transfer solutions and ensures the protection of documents within these solutions.
The solution presented above consists of:
- defining who will be empowered in the medical bubble via Seald administration tools;
- integrating Seald (with the Server SDK):
  - to protect unsigned application forms as soon as they are generated by the business application that produces them;
  - to protect hand-signed forms on the fly as they come out of scanning;
  - to protect digitally signed forms on the fly as they come out of the digital signature;
- either installing the Seald desktop application for authorized persons who need to open these documents frequently, or integrating it with the EDM solution.
This ensures that:
- the documents so protected can be stored on a server without any special protection;
- only authorized persons can open these protected documents transparently with a double-click through the Seald desktop application;
- if people outside the company (i.e. without the Seald desktop application) are authorized to open protected documents, they can open the documents via the browser without installation;
- each activity (opening, attempts to open, transfer, etc.) is tracked, and access rights can be changed in real time, in particular to take account of staff turnover.
Seald is the simple solution for insurance companies to protect contracts and application forms that contain sensitive data, especially medical data, in line with current standards.
Better Seald than sorry.