We understand that the security of your personal and health information is important to you. We also understand that our continued success as a leading health and well-being institution relies on our ability to communicate with you in a secure manner.
We adhere to the highest standards of decency, fairness, and integrity in our operations. On the Internet, we take a number of measures to authenticate your identity when you access our services. We also take steps to protect your information as it traverses the Internet to and from your desktop. We take steps to make sure all information is as secure as possible against unauthorized access and use. We also review our security measures periodically. Despite our best efforts, and the best efforts of other firms, “perfect security” does not exist on the Internet, or anywhere else.
We use different pieces of information, collectively known as access codes, to properly identify and authenticate you before allowing you secure access to your member information. The first piece of information is your name and date of birth that is matched to eligibility information along with the member number from the ID Card provided to you by your plan sponsor.
Another piece of information is your Dependent Code, a code that is unique to you. Once you have successfully completed the registration process, we will randomly assign you a UserID and initial password. You need to save your UserID and password.
For further security, you will be prompted to change your UserID and password on to a unique UserID and password that you choose. These will be stored on an encrypted database that is isolated from the Internet.
Data Traversing the Internet
Our site uses the highest levels of Internet security. We require the use of a secure browser and use its features such as data encryption, Secure Sockets Layer (SSL) protocol, usernames and passwords, and other tools. The system encrypts the login information and personal information that flows back and forth between you and us.
Encryption is the process of scrambling the information so that it can only be reassembled by the intended recipient- someone recording the communication will not be able to decipher the information. We use 128 bits for this encryption- the standard for our industry and the financial industry- making it virtually impossible for anyone else to read it. You can tell when you are on a secure page by looking at the URL (location or address field in the browser). If it begins with “https://” rather than “http://” the page is secure.
You can tell whether you are truly connected to us by viewing our digital certificate. The certificate verifies the connection between our public key and our server’s identification. Cryptography using digital signatures ensures you can trust the information within the certification. Your browser looks at it and trusts it. It is similar to your local highway traffic law enforcement department; the people there trust the information on your driver’s license, should you be lucky enough for them to request to see it.
Logout and our Timeout Feature
We make use of a secure login and advise you to log out of our site as soon as you are finished with your access. We also use a timeout feature to protect you further. After an extended period of inactivity at our site, we will log you out automatically.
Data Within our Walls
The personal information our site collects is stored in secure operating environments that are not available to the public or other members. We employ mechanisms to protect data within our walls. One such mechanism is a firewall that protects our computer systems and your information. Firewalls are selective barriers that block access and allow only authorized traffic through.
We also use system and application logs to track all access. We review these logs periodically and investigate any anomalies or discrepancies.
Within our organization, we base access to member information on the sensitivity of the information, and our employee’s need-to-know. We authorize employees and representatives to use available member information for authorized business purposes only. Each employee receives a code of conduct that details our requirement for our employees when using this information. Disregard of these requirements may result in disciplinary action up to and including termination.
Eliminate cached pages before leaving a shared or public computer, at a library or an Internet café. We recommend that you close the browser you were using before leaving.
Protect and never share your Access Codes. Our administrator will never ask you for your password. Do not be duped by malicious emails asking for your password. This is a well-known trick designed to trick you into sharing your password.
Always complete an online session and log out when done. Be sure to do so before leaving your computer. It is quick and easy and may save your account from unwanted trespassers.
Make sure that you are using one of the two most recent versions of the most common browsers (i.e. Google Chrome, Mozilla Firefox, Microsoft Internet Explorer). Versions that are more recent often have enhanced security protection.
When you log in, check the “last logged in” date and time information. If you see a login other than the one you remember, change your password immediately and contact us.
If using a browser such as Internet Explorer 8.0 or greater, turn off the AutoComplete feature. This feature will remember User IDs and passwords, as well as other information you type into web pages that contain forms. When the browser encounters this form again, it will prefill the form with your answers from last time. This feature could let other users of your computer login as you.
If using Internet Explorer 8.0 or greater, set your temporary browser file setting to refresh your web pages once every browser session. Change this setting prior to logging in, then close and restart your browser.
Bryan York, Chief Operating Officer
2810 N. Parham Road, Suite 245
Henrico, VA 23294