TPABenefits offers its customers an ASP (application service provider) solution where we host the TPABenefits application.
TPABenefits Network
Security and privacy of your information is important to TPABenefits. We understand how critical it is to protect your privacy and we want to ensure security through the use of rigorous password and authorization procedures. A highly secure firewall protects our servers and your data. Connectivity varies upon the sensitivity of the information being transmitted. Sensitive information is secured with 128-bit secure sockets layer technology that encrypts the data that is transmitted between your browser and TPABenefits servers. Non-sensitive information is transmitted without encryption for enhanced performance.
Health care providers and patients are rightfully concerned about the confidentiality and security of such data and how that data is used. TPABenefits is sensitive to the concerns of its constituents and is working closely with privacy experts to track developments with proposed HIPAA privacy requirements and will work to comply with any government privacy and security regulations.
Firewalls and Sensors:
At TPABenefits, the first layer firewall protects the Web server from un-subscribed users. The Web server uses the standard SSL (secure socket layer) and, optionally, Digital Certificates to protect the user id and user password from unauthorized access and to help ensure that the accessing users are who they purport to be. The second layer firewall sits between the Web servers and the Data Warehouse to protect against any security breach of sensitive data or transactions. Both the Web and Data servers are using private IP addresses to prevent any public routing. The firewall will only recognizes the predefined private IP addresses for the Data server and predefined private Port ids for data transmission and transaction processes between the Web and Data servers.
Web Logging System:
The user ID and user password are assigned via the TPABenefit Web registration process, which first requires each user to provide information that is defined by each TPABenefit client. Examples are: social security number; subscriber id; full name; zip code; etc. Then the request is validated against the health plan's database before each new web login is issued. The new web login information is then routed back to the central security database, and finally an e-mail is delivered to the user whether the user is a provider, provider designated administrator, member or employer designated administrator. Notice of the registration can be optionally sent to the health plan's designated administrator, as well. During the entire process, all transactions are encrypted via the TPABenefits middleware in addition to SSL.
Each end-user (Health Plan's administrator, employer, member, provider) must use the preset initial security login process to receive a Web access login. The transactions are validated via the TPABenefits security database (SSL and encrypted). The secured login is managed based upon a security profile designed with the health plan that may vary by individual or based on job category. This can be set by job responsibility, data sensitivity, etc. Thus a plan administrator will have a different profile than that of an employer and each profile is configurable by the Health Plan's security administrator. The TPABenefits Security System is an enterprise level solution in addition to the standard web SSL and digital certificate that also provides auditing and a logging facility to support security auditing and potential security breach analysis.
Privacy and Confidentiality:
TPABenefits is as committed as our health plan partners regarding privacy and confidentiality of identifiable health information. TPABenefits follows HIPAA standards in its business practices in maintaining confidentiality of customer information through strict data disposal requirements, user access controls and compliance.