Security Policy
GENERAL
Intelecare Compliance Solutions, Inc. (hereinafter "Intelecare") is firmly committed to securing and protecting your personal information. As described in more detail in our Privacy Policy (http://www.intelecare.com/privacy-policy.php), we have implemented various security measures to protect against the unintended loss, disclosure, misuse or alteration of the information under our control. We continue to monitor best practices in privacy and security and upgrade our security measures as appropriate to ensure your peace of mind.
THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT ("HIPAA") AND THE HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ("HITECH") ACT
Although many people assume that HIPAA protects all personal health information, however obtained and wherever stored, HIPAA is actually somewhat limited in its applicability. HIPAA governs only "covered entities" and their "business associates." Covered entities under HIPAA include (i) health plans (insurance companies, HMOs, etc.); (ii) health care clearinghouses (entities that convert health information into or out of standard formats for billing or other purposes); and (iii) most health care providers (physicians, hospitals, etc.). Business associates are entities that contract with covered entities to provide certain services that involve the use or disclosure of individually identifiable health information.
Intelecare is not a covered entity under HIPAA but does, in some circumstances, act as a business associate. In such circumstances, Intelecare will comply with the rules promulgated by the Department of Health and Human Services under both HIPAA and HITECH that apply to business associates, including the rules relating to security of personal health information and rules requiring notification of security breaches of unsecured protected health information.
SECURITY
Intelecare has implemented various security measures to protect against the unintended loss, disclosure, misuse or alteration of the information under our control. As described in our Privacy Policy, we do not store cookies on your machine and we password-protect your account. Most importantly, all the information Intelecare collects is hosted on secure servers that sit behind firewalls and are backed up regularly to ensure minimal loss of information in the event of a system failure or disaster. In addition, all of your personal information is encrypted when it is stored in and transmitted by our system. "Encrypted" means that it is scrambled with special complex codes so that no other computer can read it.
The federal government has issued guidance regarding encryption standards for personal health information and intends to issue updated guidance on appropriate security measures as technology advances. Intelecare will monitor the federal guidance and, wherever practicable and appropriate, intends to encrypt all information on its servers and otherwise secure personal information in accordance with the federal guidance or otherwise in accordance with industry standards.
INTRUSION DETECTION
Intelecare maintains a current industry-standard real-time intrusion detection system on all systems' external access. Intelecare actively monitors the intrusion detection system for signatures that correspond to attempts at breaking or circumventing the security or availability of networks and systems. In this way, Intelecare can act quickly to prevent or mitigate any adverse effects of any improper access.
MITIGATION, REMEDIATION AND NOTIFICATION OF SECURITY BREACHES
Intelecare intends to comply with all applicable state and federal laws that require mitigation, remediation and notification of security breaches. It is the policy of Intelecare to take reasonable steps to mitigate any known harmful effects of the use or disclosure of personal information in violation of its policies and procedures, applicable state or federal law, or the terms of any business associate agreements to which it is a party. In addition, Intelecare will make any legally required notifications of security breaches involving personal information, including notifications required by HITECH and the American Recovery and Reinvestment Act, applicable state law, and other applicable laws.
Suspected security incidents may be reported to Intelecare's Privacy Officer by emailing compliance@intelecare.com or sending a letter via regular mail to the following address:
Intelecare Compliance Solutions, Inc.
One Audubon Street, Suite 200
New Haven, Connecticut 06511
Attention: Office of Compliance
Intelecare will evaluate all reports to determine whether a violation has occurred and to assess appropriate mitigation and remedial measures and notification requirements, if any.
In the event that a reported incident relates to information that Intelecare has received in its role as a business associate, Intelecare will coordinate all notifications and mitigation/remediation efforts with the applicable covered entity as appropriate. IN THE UNLIKELY EVENT OF A BREACH THAT REQUIRES NOTIFICATION, IF YOU ARE PARTICIPATING IN INTELECARE'S REMINDER SERVICE THROUGH A HEALTH PLAN OR HEALTH CARE PROVIDER, YOU MAY NOT RECEIVE NOTICE FROM INTELECARE, BUT MAY INSTEAD RECEIVE NOTICE DIRECTLY FROM YOUR HEALTH PLAN OR HEALTH CARE PROVIDER.
NOTIFICATION OF CHANGES
If Intelecare decides to change this Security Policy, we will post those changes on the Intelecare website (www.intelecare.com) so our users are always aware of our security efforts.
NOTE: IF YOU DO NOT AGREE WITH THE MANNER IN WHICH INTELECARE WILL PROTECT YOUR INFORMATION AS DESCRIBED IN THIS SECURITY POLICY, PLEASE DO NOT USE ANY INTELECARE SERVICE.
© 2005 - 2010 Intelecare Compliance Solutions, Inc. All rights reserved.
Any rights not expressly granted herein are reserved.
Last Updated: 24 March 2010
