Privacy & Security FAQ How does Wellness Checkpoint® ensure privacy? Is a third party security option available? What are the details of our hosting facility? How do we deal with privacy legislation? How does Wellness Checkpoint® ensure privacy? truly private personal ID and passwords known only to the respondent one-way encryption of the password internal use of a system-generated, confidential ID encoding of the data and proprietary data mapping conversational, online interaction that respects and protects the individual’s data from unauthorized access and “cyber” snooping Login access controlto Admincentral with individual permissions granted to authorized administrators which limit their use of functions and data as determined by the client’s Master Administrator Is a third party security option available? SSL 3.0, RC4 with 128 bit encryption (where required by client) SecureID option to further restrict access to AdminCentral and the generation of group reports What are the details of our hosting facility? A secure offsite co-hosting environment with Uninterruptible Power Source (diesel generator backup) argon gas fire suppression system, and other physical site protections and redundancies. It is monitored by sound and video recording with 24 x 7 physical access security, and key card (with PIN) entry restricted to authorized personnel. A dedicated firewall device that is configured and secured using industry best practices. The firewall software is updated regularly to ensure all potential security risks are mitigated. Operational access is restricted to approved InfoTech network administrators. The firewall implements proxy services as well as port blocking in order to maximize the protection of the web servers.. Servers that are secured using Microsoft guidelines for Windows 2000. All security updates are applied as per Microsoft security bulletins. All non-essential services are disabled and the computers function as web servers only. How do we deal with privacy legislation? Privacy protection legislation in Europe, the U.S. and Canada consistently detail requirements to ensure the security and confidentiality of “personal health information,” which is typically defined as individually identifiable health information. In all but exceptional client applications, Wellness Checkpoint® operates without knowing the actual identity of the individual completing the assessment and accessing it over time. Even though this places our application outside the boundaries of “individually identifiable health information,” InfoTech still adheres to the spirit and letter of applicable privacy legislations. Records collected, stored and maintained by Wellness Checkpoint®, originate with the individual, can only be accessed for viewing and update by the individual, and are maintained over time by the individual, with full access to update the profile at any time so lon as the respondent continues to be in a licensed group and continues to have online access to the application. Therefore, legislation pertaining to individual access to correct errors and related procedures and remedies do not apply to Wellness Checkpoint.