Protecting Your Personal Infomation
HealthSlate has processes in place to protect all electronic, oral, or written information about the identity and health of our members, also known as Protected Health Information or “PHI”. We also protect personal information like your social security number, also called “PI”, from being used or released in a way that violates federal or state laws. While we need your PHI/PI at times for valid reasons to provide our services, we take measures to limit the chance of your protected information being used in inappropriate ways.
How do we protect your personal information?
- We limit the amount of information employees can access. They may only access information that is required by their job. Employees who do not need such access are only able to see an internal member ID rather than any PHI or PI.
- When sharing information related to your health, we only share the minimum amount needed to complete the request or task at hand.
- We verify the identity of any person requesting PHI and confirm their authority to access PHI before they receive any written or oral documentation, statements or representation.
- We require the proper use of our computing equipment, hardware, software, information systems and other technology including, but not limited to; smartphones, tablets, desktop PCs, laptops and email.
- We use encryption software on all computers to prevent access by people without proper passwords.
- We require “two factor” authentication – via email and text messaging – for any employees to be able to create or change a password.
- We require all employees to follow these processes:
- Employees must ensure that PHI is used or disclosed for its intended purpose and follows federal and state laws and our policies.
- Employees must not share passwords or use another’s user id to sign on to our computers or computer programs.
- Employees shall not misuse PHI for personal gain.
- Employees shall not access, use or disclose PHI for family members or personal acquaintances.
- Employees must not disclose PHI to unauthorized individuals.
- Employees must not knowingly attempt to gain access to PHI that is not within the scope of the employees’ job responsibilities.
- Employees must not disclose PHI outside the assigned job responsibilities.
- Employees must not take action against other workforce members for reporting misuse of PHI.
- We may not take action against employees for reporting misuse of PHI
- We conduct privacy and security awareness trainings to all new employees, and every year to all employees. These trainings review federal and state laws and our policies that regulate confidential and privacy information including:
- The definition of PHI and PI, whether in paper, electronic or verbal form
- How to identify documents that are considered confidential and not for public consumption
- Responsibilities of protecting PHI and PI and other confidential information
- How to report violations
- Penalties and consequences associated with violations of federal and state rules and Plan policies
- We limit access to sensitive areas in the company to only those whose job requires access to these areas.
- We use secure bins for the shredding and disposal of PHI and PI.