Login  |  Register  |  Contact us

Security Policy

GENERAL
Remedy Health Media, LLC (hereinafter "Remedy") is firmly committed to securing and protecting your personal information. As described in more detail in our Intelecare Privacy Policy, we have implemented various security measures to protect against the unintended loss, disclosure, misuse or alteration of the information under our control. We continue to monitor best practices in the privacy and security industries and upgrade our security measures as appropriate to ensure your peace of mind.

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT ("HIPAA") AND THE HEALTH INFORMATION FOR TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ("HITECH") ACT

Although many people assume that HIPAA protects all personal health information, however obtained and wherever stored, HIPAA is actually somewhat limited in its applicability. HIPAA governs only "covered entities" and their "business associates." Covered entities under HIPAA include (i) health plans (insurance companies, HMOs, etc.); (ii) health care clearinghouses (entities that convert health information into or out of standard formats for billing or other purposes); and (iii) most health care providers (physicians, hospitals, etc.). Business associates are entities that contract with covered entities to provide certain services that involve the use or disclosure of individually identifiable health information.

Remedy is not a covered entity under HIPAA but does, in some circumstances, act as a business associate. In such circumstances, Remedy will comply with the rules promulgated by the Department of Health and Human Services under both HIPAA and HITECH that apply to business associates, including the rules relating to security of personal health information and rules requiring notification of security breaches of unsecured protected health information.

SECURITY
Remedy has implemented various security measures to protect against the unintended loss, disclosure, misuse or alteration of the information under our control. As described in our Intelecare Privacy Policy, we do not store cookies on your machine or device and we password-protect your account. Most importantly, all the information Remedy collects through its Intelecare service is hosted on secure servers stored behind firewalls that are backed up regularly to ensure minimal loss of information in the event of a system failure or disaster. In addition, all of your personal information is encrypted when it is stored in and transmitted by our system. "Encrypted" means that your personal information is "scrambled" with special complex codes so that no other individual or computer can read it without the password to "unlock" the code.

The federal government has issued guidance regarding encryption standards for personal health information and intends to issue updated guidance on appropriate security measures as technology advances. Remedy will monitor the federal guidance and, wherever practicable and appropriate, intends to encrypt all information on its servers and otherwise secure personal information in accordance with the federal guidance or otherwise in accordance with industry standards.

INTRUSION DETECTION
Remedy's Intelecare system maintains a current industry-standard real-time intrusion detection system on all systems' external access. Remedy actively monitors the intrusion detection system for signatures that correspond to attempts at breaking or circumventing the security or availability of networks and systems. In this way, Remedy can act quickly to prevent or mitigate any adverse affects of any improper access.

MITIGATION, REMEDIATION AND NOTIFICATION OF SECURITY BREACHES
Remedy intends to comply with all applicable state and federal laws that require mitigation, remediation and notification of security breaches. It is the policy of Remedy to take reasonable steps to mitigate any known harmful effects of the use or disclosure of personal information in violation of its policies and procedures, applicable state or federal law, or the terms of any business associate agreements to which it is a party. In addition, Remedy will make any legally required notifications of security breaches involving personal information, including notifications required by HITECH and the American Recovery and Reinvestment Act, applicable state law, and other applicable laws.

Suspected security incidents may be reported to Remedy's Privacy Officer by emailing compliance@intelecare.com or sending a letter via regular mail to the following address:

Remedy Health Media, LLC.
500 5th Avenue, Suite 1900
New York, New York 10110
Attention: Office of Compliance

Remedy will evaluate all reports to determine whether a violation has occurred and to assess appropriate mitigation and remedial measures and notification requirements, if any.

In the event that a reported incident relates to information that Intelecare has received in its role as a business associate, Remedy will coordinate all notifications and mitigation/remediation efforts with the applicable covered entity as appropriate. IN THE UNLIKELY EVENT OF A BREACH THAT REQUIRES NOTIFICATION, IF YOU ARE PARTICIPATING IN REMEDY'S INTELECARE REMINDER SERVICE THROUGH A HEALTH PLAN OR HEALTH CARE PROVIDER, YOU MAY NOT RECEIVE NOTICE FROM REMEDY, BUT MAY INSTEAD RECEIVE NOTICE DIRECTLY FROM YOUR HEALTH PLAN OR HEALTH CARE PROVIDER.

NOTIFICATION OF CHANGES
If Remedy decides to change this Security Policy, we will post those changes on our website so our users are always aware of our security efforts.

NOTE: IF YOU DO NOT AGREE WITH THE MANNER IN WHICH REMEDY WILL PROTECT YOUR INFORMATION AS DESCRIBED IN THIS SECURITY POLICY, PLEASE DO NOT USE ANY REMEDY SERVICES.

© 2011 Remedy Health Media, LLC. All rights reserved.

Any rights not expressly granted herein are reserved.

Last Updated: 7 June 2011