Application Security
Application security features include:
- a private personal ID and password known only to the respondent
- one-way encryption of the password
- encoding of the data and proprietary data mapping
- internal use of a system-generated, confidential ID to control the interactive assessment session
- online interaction which passes coded data in small sets rather than passing data from an entire questionnaire all at once. This helps protect the individual from "cyber" snoopers.
- restricted access to all administrative and group reporting through AdminCentral:
  - login access control given to preregistered authorized administrators, with permissions granted for specific functions and group data, as determined by the client's Master Administrator.

Encryption During Transmission

Security of Access to Reporting

Additional Access Security Options

Compliance with Privacy Legislation
Privacy protection legislation in the U.S., Canada and Europe details the requirements for ensuring the security and confidentiality of "personal information." In the case of HIPAA, the legislation specifically deals with "personal health information."
In all but exceptional client applications, Wellness Checkpoint® operates without knowing the actual identity of the individual user. Even though this places our application outside the technical boundaries of “individually identifiable health information,” InfoTech still adheres to the spirit and letter of applicable privacy legislation.
Privacy legislation also addresses issues of data validity and access by individuals to their data, with associated rights, processes and remedies to ensure personal data maintained on them are correct. These provisions do not apply to Wellness Checkpoint® as they assume that:
- the identity of the individual is known
- records are created by an entity other than the individual
In the case of Wellness Checkpoint®, assessment records stored on the system are self-reported, originate directly with the individual, and can only be accessed and updated by the individual. The individual has full access to update his/her assessment at any time, assuming he/she continues to be in a licensed group and continues to have online access to the application.

HIPAA
HIPAA defines individually identifiable health information as a subset of health information, including demographic information, collected from an individual that:
- is created or received by a health care provider, health plan, employer or health clearinghouse; and
- relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual and:
  - that identifies the individual; or
  - with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
In Section 164.514, HIPAA further defines the requirements for de-identification of protected individually identifiable information as the removal of: names, addresses and unique numbers such as social security, medical records, health plans, driver's or vehicle license, device identifiers, internet identifiers (e-mail address, URL, IP address) or biometric identifiers or photographic images.
HIPAA further recognizes that conversion of personally identifiable information for the purposes of health research should be encouraged, while preserving the patient’s privacy and without specific consent. As well, HIPAA allows for the use of “safe harbors”.
(See Download Privacy Rule.)
"The intent of the safe harbor is to provide a means to produce some de-identified information that could be used for many purposes with a very small risk of privacy violation. The safe harbor is intended to involve a minimum of burden and convey a maximum of certainty that the rules have been met by interpreting the statute on a reasonable basis to believe that the information cannot be used to 'identify the individual.'"
"Covered entities may use codes and similar means of marking records so that they may be linked or later re-identified, if the code does not contain information about the subject of the information (for example, the code may not be a derivative of the individual's social security number), and if the covered entity does not use or disclose the code for any other purpose. The covered entity is also prohibited from disclosing the mechanism for re-identification, such as tables, algorithms, or other tools that could be used to link the code with the subject of the information."
Minimum necessary disclosure of “safe harbor” or protected information is allowed when the information is requested by a professional who is a member of its workforce or is a business associate of the covered entity for the purpose of providing professional services to the covered entity, if the professional represents that the information requested is the minimum necessary for the stated purpose(s). (164.514). (D), (3). (C)