Data Process Flow Insurance Broker Medical Health Insurance

How to manage the flow of Data to be compliance with IDD & GDPR?


This diagram explains the data process flow and how a CRM is the core of a Digital solution with Think Insurtech SaaS dedicated for broker & provider specialized in medical insurance. As you look the CRM is in the center and everything around it interacts with the system.

The Problem

Intermediaries in insurance must prove how they collected data & needs of clients (personal information, census details).
Without a suitable environment with plug & play convergence and cloud, it is impossible.

Webform & API

When a lead comes in, the web form allows clients to fill in their request in a standard format that answers basic questions on what benefits are required.  

1)      Collects pertinent data - creates lead generation   
·         Brokers Website becomes an interactive tool rather vs a nonfunctional show case only (ex. Webform & Sign up to open an account for companies)
·         Lead approves and confirms use of personal data (Website term & conditions / Data retention policy / Privacy & cookies policy

 2)      Notification - analyze needs, broker’s team immediately receives an email with client contact information and basic cover requirements. Broker contacts the client to gather further information.  
·         Saves time from imputing data
·         Information is secure and accurate
·         The process documents how the client’s information is collected as required by Insurance Directive Distribution (IDD). 

 3)      Think Insurtech SasS Platform
·         Once needs are analyzed broker can offer a real time comparison of the plans and pricing

 4)     Send a proposal in template format with a comparison and a written recommendation as required by IDD all directly from the system.


·         Intermediaries must prove how they collected data & needs of the insured (Clients information, census details) and they need to encrypt this highly sensitive (medical data)
·         Intermediaries need to secure medical data separately in a HIPAA cloud/or a high security server to be compliant with the GDPR & IDD
·         Intermediaries need to explain/insert in their writing process compulsory and legal mention (Privacy & cookies policy/Term & conditions /Data retention policy) access to the information/where are the data/Where are they secure/How you can offer data portability/How to complain to the ombudsman, regulator, the technology (Hosting) and data must be separated and differentiated in this system with API to transfer the flow of information.
Solution: Under GDPR and IDD it is necessary to secure medical data and to separate data on a specialized storage service which is HIPAA - HDS


 Data Backup - Google File Stream & Google Platform connected to CRM system
·         The clients’ information is personal data stored on a cloud.
·         More secure than a service, hosted server in house or paper files 
·         All information to backed up and encrypted

All the tools listed are plug and play with the CRM Pipedrive via an API interface assisting in various functions

·         G Suite - integrated suite of secure, cloud-native collaboration and productivity apps 
·         PandaDocs – Create, send, track, and eSign proposals, contracts, and quotes
·         Slack –  Interoffice communication
·         Mail Chimp -  All-In-One integrated marketing platform for small businesses
·         Mail Gun - Transactional Email APIs that enable you to send, receive, and track emails, 
·         Send Pulse – Multi-Channel Marketing Automation Platform
·         3CX Phone communication integration CRM system Pipedrive