To protect the confidentiality of information and/or electronic data including Protected Health Information as defined by HIPAA Privacy Rule 45 CFR Part 164 (collectively, “Data”), ActiveHealth utilizes the following physical and electronic safeguards:
A valid user ID and password are required for online access to enter the application systems and/or access Data maintained in our online application systems.
We utilize Internet security features to protect Data from unauthorized external access. Secure Sockets Layer (SSL) at 128-bit or higher data encryption is used to prevent unauthorized users from intercepting transmitted data. Data is protected from unauthorized external access through the use of proxy servers and firewalls.
We restrict access to Data only to authorized personnel. Security levels further limit particular aspects of a client's data to specific personnel. Electronic Data will not be stored in shared common network file storage areas. We also impose user restrictions upon individuals authorized to access electronic Data to limit access and/or modification of Data.
The physical environment of computer systems containing Data is highly secured. Each ActiveHealth data center is constructed with power supply redundancy, sophisticated environmental controls and a full security system that limits physical access to computer hardware to only individuals holding a valid electronic key card and a personal identification number.
Last updated: 04/08
Reviewed: 3/2010