To use this website, you must have your employee ID or Social Security Number and your confidential Personal Identification Number (PIN). If you have questions or need help,
please contact your Human Resources Department.
While this website is accessed over the public Internet, your connection to the site is encrypted and secure. We also employ a wide range of measures for the security of data entrusted to us by customers.
While our security measures are extensive, you should always make sure that you are accessing the website via a secure connection and that you never transmit files you download from the website over an unsecured connection.
HTTPS (the Hyper Text Transfer Protocol over SSL) is the method your web browser uses to connect to the website. SSL delivers server authentication and data integrity using a digital certificate issued by a trusted certificate authority. The digital certificate is used to verify the connection between the server's public key and the server's identity. This means that when you connect with the website, you are assured that the server is not sponsored by an imposter.
Communication via HTTPS is secured using an advanced encryption algorithm which prevents tampering and eavesdropping. Depending on what web browser you use, you may be able to request a Security Report that describes how secure the connection is.
You can tell whether a document comes from a secure server by looking at the location (URL) field. If the URL begins with https:// (instead of http://), the document comes from a secure server. Your web browser will notify you if there is a problem with the website certificate. If your browser notifies you that there is a problem with the website certificate, you should not log onto the site because your connection to the site will not be secure.
The servers that host the website reside in separate data centers in the United States. To reduce the risk of both data centers being impacted by the same catastrophic event, the data centers are located hundreds of miles apart, are connected to different network providers, and are powered by separate power grids. Service at one data center can be transferred in minutes to the other data center, if required.
Both the data centers provide extensive security measures to protect access to the servers, including:
The facilities also provide extensive on-site support to ensure the continuous operation and high availability.
Some information sent you by the website may be delivered by a Content Delivery Network ("CDN"). The CDN is used to distribute some web page assets, such as images, videos, style sheets, and script libraries via local servers co-located with various Internet providers. By keeping local copies of these assets, the CDN can deliver them to your web browser directly, thereby reducing Internet traffic. For security reasons, your personal information is never sent over the CDN.
In addition to data replication between the primary and secondary data centers, customer information is protected by frequent backups. At each facility, we have deployed dedicated archive servers that store backups for all customer databases. These backups are automatically copied from one data center to the other continuously. Backups are tested frequently to ensure that the backup files are valid.
For each client database, we retain:
All backups are compressed and encrypted using a symmetrical encryption algorithm known as the Advanced Encryption Standard ("AES"), which is widely considered to be among the most secure types of encryption and adopted by both U.S. and Canadian governments.
We have implemented extensive technical safeguards to assure network and host security and to manage server vulnerability.
We perform vulnerability scans every month to validate the security measures.
System security also depends heavily on managing the software development life cycle (SDLC) effectively. Each phase of the SDLC includes certain security tasks to make sure that security is an integral part the process. The SDLC requires that:
We utilize an independent third-party auditor accredited by the American Institute of Certified Public Accountants (AICPA) to conduct annual Service Organization Control 2 (SOC 2, Type 2) examinations of our security practices and business process controls. We also insist that the data centers hosting the websites undergo similar accreditation. The SOC 2, Type 2 examination is widely recognized, and assures our ability to handle data securely though the evaluation and testing of internal processes, procedures, and controls.
For more information about how your information is protected on this website, see the Security Information.
By necessity, the site keeps track of personal information required for benefit enrollment. This personal information may include:
Certain other information may be collected automatically during your use of the website. This general information includes:
Personal information and automatically collected information is kept strictly confidential by the Sponsor and is used for internal purposes only, including, without limitation, providing you with requested services, improving our marketing and promotional efforts, statistically analyzing web site usage, improving our content and web site offerings, and to customize our web sites' content and layout. Except as disclosed in this Privacy Notice, the Sponsor will not sell, lend, rent, or otherwise disclose any personal information to any third parties. However, your personal information may be shared with affiliates, agents, or contractors of the Sponsor in the course of providing the services.
In the course of using this website, you may share information that qualifies as Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Please refer to the HIPAA Notice for information about PHI may be used and disclosed.
Your User ID and Password (or Personal Identification Number) provide access to the site and are associated with your user profile. Your user profile may contain preferences, such as language, email format, and interests.
The website may contain links to other internet web sites. We encourage all of our partners, contributors, and third parties to implement policies and practices that respect the privacy of our users. However, the Sponsor is not responsible for the privacy practices or the content of such web sites. To the extent that you disclose your information to other parties, even if they are linked from this website, different rules may apply to the use or disclosure of personal information you disclose to them. Because the Sponsor does not control the privacy policies of third parties, you are subject to the privacy customs and policies of that third party.
The Sponsor may provide its users with chat rooms, forums, message boards, and/or news groups. Please remember that any information disclosed in these areas becomes public information and you should exercise caution when deciding to disclose your personal information.
In the course of business, the Sponsor, or substantially all of its assets may be acquired. In such a transaction, customer information will of course be one of the transferred business assets.
This is an electronic enrollment for personal insurance coverage using electronic records, transactions, and signatures. By completing this electronic enrollment process, you understand and are consenting to be bound by the terms and conditions of the insurance policies for which you are enrolling and are adopting this electronic enrollment process with the intent that completing such process will serve as your electronic signature.
Following the enrollment, the companies that administer your coverage may deliver your insurance policies or certificates to you by mail, electronic mail, or through the Internet. The company may or may not offer access to certain electronic records of your enrollment through the Internet.
By presenting your user ID and password (or Personal Identification Number) you agree to conduct this transaction by electronic means and understand that this transaction will be submitted electronically. Your electronic signature will be as legally binding and enforceable as if you had signed on paper.
In the course of using this website, you may share information that qualifies as Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). PHI is information created or received by us during your use of the site which identifies you, or for which there is a reasonable basis to believe the information can be used to identify you, and that relates to:
HIPAA, and other related federal and state legislation, defines a set of rules governing how companies maintain the privacy of customers’ PHI. HIPAA also requires that we provide customers with notice of our legal duties and privacy practices with respect to your PHI. This HIPAA Notice describes how we may use and disclose PHI to perform enrollment, claims handling, payment, general insurance operations, and for other purposes that are permitted or required by law.
Except as described in the next section of this Notice, we will not use or disclose your PHI for any purpose unless you have signed a form authorizing the use or disclosure. You have the right to revoke that authorization in writing at any time. However, any action already taken by the Plan or others in reliance on the authorization cannot be changed.
For Payment. We may make use of and disclose your PHI without your written authorization as may be necessary for payment purposes. For example, we may use information regarding your medical procedures and treatment to process and pay claims or certify these services are covered under your Plan.
For Administrative Operations. We may make use of and disclose your PHI without your written authorization as necessary for our administrative operations. Administrative operations include our usual business activities, examples of which are management, licensing, peer review, quality improvement and assurance, enrollment, underwriting, reinsurance, compliance, auditing, rating, claims handling, complaint handling and other functions related to your benefits.
To Individuals Involved in Your Care. We may, without your written authorization, for the purposes of treatment, payment, or administrative operations, disclose the fact that you are covered under a plan or that payment has been processed to a family member, other relative, your close personal friend, or any other person you may identify. In these circumstances, we would not disclose any PHI which is not directly relevant to that person’s involvement with your care or with payment for your care.
If you have designated a person to receive information regarding payment of the premium or pay premium via credit card, we may inform that person or credit card facility when your premium has not been paid or received.
We may also disclose limited PHI to a public or private entity that is authorized to assist in disaster relief efforts in order for that entity to locate a family member or other persons that may be involved in some aspect of caring for you.
To Business Associates. Certain aspects and components of our services are performed through contracts with outside persons or organizations. Examples of these may include, but are not limited to insurance agents, financial auditors, reinsurers, legal services, enrollment and billing services, claim payment, and medical management services. We may provide access to your PHI without your written authorization to one or more of these outside persons or organizations who assist with payment or administrative operations. The Sponsor requires these business associates to safeguard the privacy of your information appropriately.
For Other Products and Services. The Sponsor may contact you without your written authorization to provide information regarding upgrades or additional benefits that may be of interest to you. For example, we may use the fact that you currently are insured under a plan for the purpose of communicating to you about changes to the plan or products that could enhance or add value to existing coverage.
For Other Uses and Disclosures. We are permitted or required by law to make some other uses and disclosures of your PHI without your authorization:
Unless otherwise excluded in this Notice, we will not disclose your PHI to any person or entity not specifically mentioned elsewhere in this Notice without your express written authorization.
Right to an Accounting of the Disclosures of Your PHI. Upon request, you may obtain an accounting of certain disclosures of your PHI made by us, excluding disclosures made earlier than six years before the date of your request. If you request an accounting more than once during any 12-month period, we will charge you a reasonable fee for the subsequent accounting statements.
Right to Request Confidential Communications. We will accommodate your reasonable request to receive communications of your PHI from us by alternative means of communication or at alternative locations if the request clearly states that disclosure of that information could endanger you.
Personal Representatives. You may exercise your rights through a personal representative who will be required to produce evidence of his or her authority to act on your behalf. Proof of authority may be made by a notarized power of attorney, a court order of appointment of the person as your legal guardian or conservator, or if you are the parent of a minor child. We reserve the right to deny access to your personal representative.
Right to Receive Paper Copy of this Notice. You may obtain a copy of this Notice. You may obtain a paper copy of this Notice even if you agreed to receive such notice electronically. Please contact us and we will mail it to you.
We may change the terms of this Notice at any time. If we change this Notice, we may make the new terms effective for all of your PHI that we maintain, including any information we created or received prior to issuing the new notice.