|
Terms of Use
We understand that the
security of your personal and health
information is important to you. We also
understand that our continued success as a
leading health and well being institution
relies on our ability to communicate with
you in a secure manner.
We adhere to the highest standards of
decency, fairness and integrity in our
operations. On the Internet, we take a
number of measures to authenticate your
identity when you access our services. We
also take steps to protect your information
as it traverses the Internet to and from
your desktop. We take steps to make sure all
information is as secure as possible against
unauthorized access and use. We also review
our security measures periodically. Despite
our best efforts, and the best efforts of
other firms, "perfect security" does not
exist on the Internet, or anywhere else.
Authentication
We use different pieces of information,
collectively known as access codes, to
properly identify and authenticate you
before allowing you secure access to your
member information. The first piece of
information is your name and date of birth
that is matched to eligibility information
along with the member number from the ID
Card provided to you by your plan sponsor.
Another piece of information is your
Dependent Code, a code that is unique to
you. Once you have successfully completed
the registration process, we will randomly
assign you a UserID and initial password.
You need to save your UserID and password.
For further security, you will be prompted
to change your UserID and password on to a
unique UserID and password that you choose.
These will be stored on an encrypted
database that is isolated from the Internet.
Data Traversing the Internet
Our site uses the highest levels of Internet
security. We require the use of a secure
browser and use its features such as data
encryption, Secure Sockets Layer (SSL)
protocol, user names and passwords, and
other tools. The system encrypts the login
information and personal information that
flows back and forth between you and us.
Encryption is the process of scrambling the
information so that it can only be
reassembled by the intended recipient-
someone recording the communication will not
be able to decipher the information. We use
128 bits for this encryption- the standard
for our industry and the financial industry-
making it virtually impossible for anyone
else to read it. You can tell when you are
on a secure page by looking at the URL
(location or address field in the browser).
If it begins with "https://" rather than
"http://" the page is secure.
Digital Certificate
You can tell whether you are truly connected
to us by viewing our digital certificate.
The certificate verifies the connection
between our public key and our server's
identification. Cryptography using digital
signatures ensures you can trust the
information within the certification. Your
browser looks at it and trusts it. It is
similar to your local highway traffic law
enforcement department; the people there
trust the information on your driver's
license, should you be lucky enough for them
to request to see it.
Logout and our Timeout Feature
We make use of a secure login and advise you
to log out of our site as soon as you are
finished with your access. We also use a
timeout feature to protect you further.
After an extended period of inactivity at
our site, we will log you out automatically.
Data Within our Walls
The personal information our site collects
is stored in secure operating environments
that are not available to the public or
other members. We employ mechanisms to
protect data within our walls. One such
mechanism is a firewall that protects our
computer systems and your information.
Firewalls are selective barriers that block
access and allow only authorized traffic
through.
We also use system and application logs to
track all access. We review these logs
periodically and investigate any anomalies
or discrepancies.
Within our organization, we base access to
member information on the sensitivity of the
information, and our employee's
need-to-know. We authorize employees and
representatives to use available member
information for authorized business purposes
only. Each employee receives a code of
conduct that details our requirement for our
employees when using this information.
Disregard of these requirements may result
in disciplinary action up to and including
termination.
Security
Recommendations
To maintain a high level of security, we
recommend that you follow the following
practices:
- Eliminate cached
pages before leaving a shared or public
computer, at a library or an Internet
café. We recommend that you close the
browser you were using before leaving.
- Protect and never
share your Access Codes. Our
administrator will never ask you for
your password. Do not be duped by
malicious emails asking for your
password. This is a well-known trick
designed to trick you into sharing your
password.
- Always complete an
online session and log out when done. Be
sure to do so before leaving your
computer. It is quick and easy and may
save your account from unwanted
trespassers.
- Make sure that you
are using an up-to-date version of
Internet software (such as Netscape
Navigator or Microsoft Internet
Explorer). Versions that are more recent
often have enhanced security protection.
- When you log in,
check the "last logged in" date and time
information. If you see a login other
than one you remember, change your
password immediately and contact us.
- If using a browser
such as Internet Explorer 5.0 or
greater, turn off the AutoComplete
feature. This feature will remember User
IDs and passwords, as well as other
information you type into web pages that
contain forms. When the browser
encounters this form again, it will
prefill the form with your answers from
last time. This feature could let other
users of your computer log in as you.
- If using Internet
Explorer 5.0 or greater, set your
temporary browser file setting to
refresh your web pages once every
browser session. Change this setting
prior to logging in, then close and
restart your browser.
|