Due Diligence and Ongoing Monitoring

Hello.  I am looking to on-board a new insurance company as one of our vendors.  They are refusing to provide their own COI stating they will not disclose that type of information.  Has anyone dealt with this scenario and is it common for insurance companies (not agencies) to not provide their own COI?  If so, what other methods can be used to assess their viability in lieu of a COI. 

Hello.  I am looking to on-board a new insurance company as one of our vendors.  They are refusing to provide their own COI stating they will not disclose that type of information.  Has anyone dealt with this scenario and is it common for insurance companies (not agencies) to not provide their own COI?  If so, what other methods can be used to assess their viability in lieu of a COI. 

Will your insurance company vendor have access to employee protected information (I.e., SSN, medical, etc)?  Do you have indemnification and cyber language and minimum limits in your contracts?

------------------------------
Steven I. Adler, CDPSE
Director, Third Party Risk Management
Enterprise Risk Management
Humana Inc.

------------------------------

You should have a Business Associate Agreement with the insurance company and treat them like any other 3rd party vendor per HIPAA.