CMS Guidelines & Radius

How Radius keeps your system compliant with the new CMS guidelines

Written by Danielle Bond
Updated over a week ago

This LINK has the 2023 CMS guidelines and this LINK has the CMS Marketing guidelines. The most recent marketing-guidelines document on the CMS.gov document list is from 2022, so we also recommend reviewing the revisions to Title 42. The revision date is continually updated, so check the top of that page to see when it was last updated, since rules have been coming fast & furious! Please review these fully.

Information for CMS Compliance: Email

If you sell Medicare, please follow these steps:
1) Go to Account > My Information > add your NPN, the number of organizations you represent and the number of plans you represent. Save the update. Have each of your agents do this.
2) Go to your email templates and add the disclaimer below to the bottom of each email template. The field names from your agent profile will populate the correct number of organizations/plans.

We do not offer every plan available in your area. Currently we represent #AGENTORGSREPRESENTED# organizations which offer #AGENTPLANSREPRESENTED# products in your area. Please contact Medicare.gov, 1-800-MEDICARE, or your local State Health Insurance Program to get information on all of your options.

Information for CMS Compliance: Phone

If you're on the AMS Plan and would like the new playable disclaimers using the updated required language, please message us on the help app and ask for the new recordings. You will still need to state how many organizations and plans you represent before hitting play, but playable disclaimers give your voice a rest!

You can also record your own disclaimers in Settings > Phone Dialer > Greetings & Recordings. We pulled this straight from the National Archives so check that link out for the full details.

HIPAA Compliance

Radiusbob meets the requirements for HIPAA compliance. Simple Shapes, LLC (of which Radius is a part) has completed HIPAA Compliance Training as a company, and Radiusbob.com as a platform has been HIPAA Verified by working with our third-party partner, Compliancy Group (www.compliancy-group.com). Radius includes controls within the system that Covered Entities require, such as: Unique User Identification, Emergency Access Procedure, Password Requirements (Minimums and Change Requirements), Encryption, Decryption and more.

However, keeping yourself compliant as an agent is critical.

These are the ways Radius keeps you compliant:

  • See our security details below.

  • You can create encrypted fields for higher-security information like Medicare ID and Social Security Number.
    Settings > Coverage Types & Custom Data Fields > Create Custom Field > choose the Encrypted type

  • Call recordings for all inbound & outbound calls on the full VoIP feature. These are stored for you for the duration of your account with Radius. If you leave Radius, you'll want to download all files so you can keep them for the required length of time.

  • A welcome greeting that plays the call-recording disclaimer and the CMS disclaimer before the caller is connected to the agent.
    Feel free to request one of the call recording/CMS disclaimer recordings, made by a professional voice actor and complimentary to Radius clients.

Shared Security Model

Security is up to all of us, including you.

Security is a shared responsibility at Radius. We control the physical and virtual hosts and can offer a high level of physical and environmental security with both our compute and storage offerings. You're responsible for making sure your Radius Account is securely configured and patched. By following best practices, you can build accounts to meet the exacting standards required by HIPAA, PCI-DSS, GDPR, and your customers.

Physical Security and Networking

Every instance of Radius has extensive physical, environmental, and network protections in place:

  • Access to the data center floor is restricted to data center employees and authorized visitors.

  • Data centers are staffed 24/7/365 with security guards and technicians.

  • All employees and visitors are identified using biometrics and state-issued IDs before entering the facility.

  • HVAC and power have redundant systems, so if one goes out, the others keep our systems powered and within operating temperature.

  • Multiple Internet carriers provide independent fiber connections to the data center floor.

Server Security

The servers themselves run under Xen virtualization, so each server has its own kernel and user space, fully separate from other servers.

  • A firewall limits and blocks unwanted inbound traffic.

  • SSH key-pair authentication: connections are authenticated by matching the public key held on the server against the connecting client's private key.

  • Fail2Ban prevents dictionary attacks on servers. When Fail2Ban detects multiple failed login attempts from the same IP address, it creates temporary firewall rules that block traffic from the attacker's IP address.

  • TLS (SSL) encryption with a 2048-bit certificate key (https://accountnamehere.radiusbob.com)
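As an added illustration (not Radius code, and not Fail2Ban itself), the following Python sketch shows the counting logic described above: failed SSH logins from one IP are counted within a sliding window, and once the threshold is reached the IP is banned for a limited time, after which it is counted afresh. The sshd log lines are constructed, and the thresholds mirror Fail2Ban's default maxretry/findtime/bantime settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not real traffic); syslog timestamps carry no year, so 2023 is assumed.
SAMPLE_LOG = """\
Mar 10 08:00:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar 10 08:00:03 web1 sshd[1202]: Failed password for root from 203.0.113.7 port 51001 ssh2
Mar 10 08:00:05 web1 sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 51002 ssh2
Mar 10 08:00:09 web1 sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 10 08:00:12 web1 sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 51004 ssh2
Mar 10 08:01:00 web1 sshd[1206]: Failed password for alice from 198.51.100.20 port 40000 ssh2
Mar 10 08:01:30 web1 sshd[1207]: Accepted publickey for alice from 198.51.100.20 port 40001 ssh2
Mar 10 08:20:00 web1 sshd[1208]: Failed password for invalid user admin from 203.0.113.7 port 51005 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port"
)

def parse_failures(log_text, year=2023):
    """Yield (timestamp, ip) for each failed-password line; all other lines are ignored."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def find_bans(log_text, maxretry=5, findtime=timedelta(minutes=10), bantime=timedelta(minutes=10)):
    """Fail2Ban-style sliding window: an IP is banned for bantime once maxretry failures
    fall within findtime. Returns {ip: [(ban_start, ban_end), ...]}."""
    window = defaultdict(list)   # recent failure timestamps per IP
    bans = {}                    # ip -> list of (ban_start, ban_end)
    for ts, ip in parse_failures(log_text):
        active = bans.get(ip)
        if active and active[-1][1] > ts:
            continue  # still banned: the firewall rule would have dropped this attempt
        hits = [t for t in window[ip] if ts - t <= findtime] + [ts]
        window[ip] = hits
        if len(hits) >= maxretry:
            bans.setdefault(ip, []).append((ts, ts + bantime))
            window[ip] = []  # counter resets; failures after the ban expires start a new window
    return bans

if __name__ == "__main__":
    for ip, periods in find_bans(SAMPLE_LOG).items():
        for start, end in periods:
            print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

On the sample above only 203.0.113.7 is banned (five failures in eleven seconds); the single failure from 198.51.100.20 stays below the threshold, and the attempt at 08:20 arrives after the ten-minute ban has lapsed, so it merely opens a new window.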

User Authentication

Account-level admin controls let you enforce your organization's security requirements:

  • Unique usernames and passwords

  • User password requirements: minimum password length and maximum password age (required password changes every X days)

  • Each new session is date- and time-stamped per user

  • Two-factor authentication (2FA) at login via SMS

Database and Data Storage

  • Daily, weekly and monthly off-site data backups

  • Encrypted data in motion

  • Encrypted data at rest

  • Server logs at the user level

HIPAA (U.S. Health Insurance Portability and Accountability Act):

Covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) can maintain compliance using Radius as their cloud-hosted solution. While Radius provides the platform and does not generally engage in activities or functions that make it a HIPAA Covered Entity, the compliance responsibilities rest with your organization. Specifically, a customer that subscribes to a Radius Account has the exclusive authority and ability to manage all technical safeguards required by HIPAA with respect to its PHI, including access controls, audit controls, integrity, authentication and transmission security.

Recommendations

Radius recommends that you configure your account using the built-in security measures.

For some guidance on how to harden your systems, start here:

  • Use unique usernames and passwords

  • Set the required minimum password length to 8 characters

  • Require users to update their passwords every 90-120 days

  • Require two-factor authentication at login for users

  • Build custom fields using the Encrypted option

  • Delete users who no longer need access as quickly as possible
