|
We understand that the security of individuals'
personal and health information is important. Our continued success
as a leading health and well being organization relies on our
ability to maintain a robust security program consistent with
the ethics of privacy and confidentiality in health care delivery.
We strive to adhere to the highest standards of
decency, fairness and integrity in our operations. On the Internet,
we take a number of measures to authenticate your identity when
you access our services. We also take steps to protect sensitive
information as it traverses the Internet to and from your desktop.
We take steps to make sure all sensitive information is as secure
as possible against unauthorized access and use. We also review
our security measures periodically. Despite our best efforts, and
the best efforts of other firms, "perfect security" does
not exist on the Internet, or anywhere else.
Authentication
We use different pieces of information, collectively
known as access codes, to properly identify and authenticate you
before allowing you secure access to sensitive information. The
first piece of information is a User ID that is created
from information you provided UBH in your clinician application.
Along with that UserId you will receive a temporary password.
Once you logged in the first time, you will be prompted to generate
the final piece of information: your personal password. For further
security, we store your User ID and password on an encrypted database
that is isolated from the Internet and we will require you to change
your personal password on a periodic basis.
Data Traversing the Internet
Our Web site uses the highest levels of Internet security.
We require the use of a secure browser and use its features such
as data encryption, Secure Sockets Layer (SSL) protocol, user names,
passwords and other tools. The system encrypts the login information
and personal information that flows back and forth between you and
us.
Encryption is the process of scrambling the information
so that it can only be reassembled by the intended recipient. Another
person attempting to read the communication will not be able to
decipher the information. We use 128 bits for this encryption, the
dominant standard for the health and the financial industry, making
it virtually impossible for anyone else to read it. You can tell
when you are on a secure page by looking at the URL (location or
address field in the browser). If it begins with "https://"
rather than "http://", the page is secure.
It is not our practice to include any protected health
information (PHI) in standard e-mails that we may send to you over the
Internet. Likewise, you should not send standard e-mails to UBH that contain member PHI.
To respond to you regarding personal or sensitive matters,
we may call you or send you an unencrypted e-mail with a response that does not contain member PHI.
While this is not always convenient, it is done to protect sensitive information.
Logout and our Timeout Feature
We make use of a secure login and typically advise
you to log out of our Web site as soon as you are finished with your
access.
We also use a timeout feature to protect you further.
After an extended period of inactivity at our Web site, we will
log you out automatically.
Data Within our Walls
The personal information our Web site collects is stored
in secure operating environments that are not available to the general
public. We employ mechanisms to protect data within our organization.
Multiple firewalls protect our computer systems and information
contained within those systems. Firewalls are filters or selective
barriers that block access and allow only authorized traffic through.
We often use layers of firewalls, so even if one firewall is breached,
another layer of protection would exist.
We also use system and application logs to track
all access. We review these logs periodically and investigate any
anomalies or discrepancies.
Within our organization, we base access to third-party
enrollee information on the sensitivity of the information and our
employees' need-to-know. We authorize employees and representatives
to use available sensitive enrollee information for authorized business
purposes only. Each employee receives a code of conduct that details
our requirement for our employees when using this information. Any
violation may result in disciplinary action up to and including
termination.
Additional Security Suggestions For You
Although your own security program is, must and
should remain your own responsibility, we offer the following suggestions:
- Eliminate cached (i.e.temporarily saved) pages
before leaving a shared or public computer, at a library or an
Internet cafe.We recommend that you close the browser you were
using before leaving the computer.
- Protect and never share your access codes with
those who do not have a right to use them. Do not be duped by malicious
e-mails asking for your password. This is a well-known ploy designed
to trick you into sharing your password.
- Always complete an online session and log out
when finished. Be sure to do so before leaving your computer.
It is quick and easy and may save your account from unwanted trespassers.
- Make sure that you are using an up-to-date version
of Internet software (such as Netscape Navigator or Microsoft
Internet Explorer). Versions that are more recent often have enhanced
security protection.
- If using a browser such as Internet Explorer
5.0 or greater, turn off the AutoComplete feature. This feature
remembers enrollee User IDs and passwords, as well as other information
you type into web pages that contain forms. When the browser encounters
this form again, it will prefill the form with your answers from
the last time you accessed the site. This feature could let other
users of your computer log in as you.
- If using Internet Explorer 5.0 or greater, set
your temporary browser file setting to refresh your web pages
once every browser session. Change this setting prior to logging
in, then close and restart your browser.
- We take the security of individual's personal
and health information seriously. We know you do too. As you delegate
access to this site to other personnel in your organization, please
follow the guidelines listed below:
- Allow access only to personnel who have
a legitimate business need to use secured portions of ubhonline.
- Monitor on a regular basis who within your
organization has access to ubhonline.
- Advise all users they are bound by the terms
of the Web site Use Agreement.
|
