Security is central to our core business practices. We are dedicated to safeguarding sensitive Personal Health Information (PHI) and have implemented strict protocols regarding privacy, security and transaction standards. These standards address who is authorized to access information, the ability to control access and to protect information from accidental or intentional disclosure to unauthorized persons, and standardization of certain payment-related electronic transactions (EDI). We are fully compliant with HIPAA.
As required, we have a dedicated privacy officer, written descriptions in place and security procedures that are carefully followed and monitored. System access is extremely limited and is available only on an ‘as-needed’ basis for processing purposes and phone/web inquiries. On a regular basis, we perform a risk analysis to manage, monitor and identify any potential security breaches.
Our company has multiple levels of security and data integrity checks, both internal and external. We use two different firewalls to protect against external threats. Each has alert systems in place that email multiple administrators in the case of any type of threat. These firewalls also have the ability to shut down external access if any form of bombardment (including password) or hacking is detected. We set the firewalls up with various custom parameters based on industry standards as well as the specific needs of our company. If only everything was as safe as your information is with eCOBRA. Imagine that...
Below are a few of our standard safeguard policies:
- A specialized Account Administrator handles all personal information for the assigned group. The Account Administrator can only access information necessary to serve the group with a secure log-in and password.
- Personal information is stored in a secure, electronic environment in our mainframe system. It is not accessible remotely and cannot be loaded onto a laptop, CD, or other portable device.
- All paper enrollments and forms are shredded upon conversion into electronic format.
- For quality control purposes, faxes are received electronically through our software system, Right Fax, and are automatically converted into images and stored in a claims queue. There are no paper faxes. Internal permissions to the software are limited; only certain employees have access to a fax from the system using a secure login and password.
- During business hours, all guests are greeted in the reception area and escorted to their final destinations. During non-business hours, access is restricted to employees with a Radio Frequency Identification (RFID) card. This system logs all employee access.
- All data transactions, including file transfers, administrative tasks, and customer portal access, are encrypted using industry-standard encryption policies. Each time a change is made in the system, both the time stamp and the user responsible for the change are logged. Seamless disaster recovery is made possible by our fully mirrored data center. Maintaining a full-scale backup facility enables us to deliver consistent performance and reliability even in the event of a regional disaster.