Privacy and Security Policy

Privacy Overview 

This Internet health web application contains confidential patient data related to the processing of medical claims pertaining to a plan members care and treatment.  The Plan Sponsor and/or Contract Administrator are committed to maintaining the absolute privacy of all personally identifiable information contained in this health web application.

Personally identifiable patient data is confidential information and will not be disclosed to any unauthorized third party unless the Plan Sponsor and/or Contract Administrator is required to do so by legal, judicial or governmental proceedings, or unless expressly instructed to do so by the Plan Member. 

Statistical information about plan participants is collected in aggregate and may be shared with health web application partners.  Health web application partners will not receive personally identifiable patient data.  Aggregate information is information that describes the demographics of users as a group and does not reveal the identity of a particular user.  All personally identifiable information is stored in a secured database and is always transferred via an encrypted Internet channel. 

IP Addresses

Certain information is collected in the form of an IP Address.  This information identifies the computer you are using and allows computers and servers to communicate with each other.  IP Addresses are collected through the health web application in order to conduct system administration, maintain internal security, collect aggregate information and to monitor site traffic.  The health web application does not associate IP Addresses with personal information and the IP Address does not identify you personally.

Cookies

“Cookies” are pieces of data that the health web application transfers to the hard disk of your computer for tracking purposes.  The health web application allows for the use of cookies in your hard drive to assist you in your record keeping.  The health web application does not use cookies to deliver content to your computer or to track personal information concerning your usage of the health web application.

Registration

Plan Members may access the health web application after completing an online registration form.   Plan Members are required to provide confirmed contact information to include; Group Number, Social Security Number, City, State, Zip Code, Date of Birth, Gender, Phone Number and Relationship.  Plan Members are also required to provide a unique Username and Password.  Plan Members may provide their e-mail address or they may designate their Plan Administrator as their primary contact for e-mail. 

Disclosure

The health web application will not disclose personal information to third parties unless required by law.  A Plan Members e-mail address will not be disclosed to any third party unless required by law.  The health web application will not disclose personally identifiable information or allow anyone to collect personally identifiable information unless required by law.  The health web application does not use Banner Advertisers and /or Third Party Ad Networks.

External Links

As a courtesy and service to Plan Members, the health web application may provide links to various third party web sites.  A listing of these web site links can be found within the Plan Member Health Links Tab.  The web sites are independent of the health web application and each site maintains an independent privacy, security and data collection policy.  This health web application assumes no responsibility or liability for these independent methods or actions and is not responsible for the policies or procedures of these independent web sites.  However, this health web application strongly encourages each independent web link site to abide by all federal and state laws, regulations and guidelines regarding the privacy and confidentiality of patient medical data, including regulations that have been adopted or may be adopted under the Health Insurance Portability and Accountability Act of 1996. 

Security Overview

The health web application utilizes advanced technology for Internet security.  When a Plan Member accesses this site using Netscape Navigator or Microsoft Internet Explorer versions 4.0 or higher, Secure Socket Layer (SSL) technology protects personally identifiable information using both server authentication and data encryption.  This level of security is designed to safeguard patient data and make it available only to authorized, registered users.  The data will be completely inaccessible without accessing the health web application using the registered user name and password.

Personnel maintaining the health web application software and hardware do not have access to personally identifiable information and security measures are in place to protect the loss, misuse or alteration of the information under the control of the health web application staff.  In addition, the health web application is hosted in a secure server environment utilizing a “firewall” and other advanced technology to prevent interference or access from outside intruders.

The health web application requires Plan Members to enter their unique name and password each time they log on to the site.  In addition each user is asked to agree to the “Notice of Confidentiality and Certification of Authority” prior to accessing the health web application.  The health web application issues a session “cookie” only to record encrypted authentication information for the duration of a specific session.  The session does not include either the username or password of the Plan Member.

 Opt-In/Opt-Out Choice

The health web application gives Plan Members the opportunity to Opt-In or Opt-Out of participation in the health web application.  Plan Members who do not register to access the site will not receive communications sent through the “message center” and will not have access to their patient data via the Internet.

Plan Members who wish to Opt-In, Opt-Out or make corrections or modifications to their personal information as contained within the health web application may do so as follows: