
Personal Health Record Security and Privacy Policy

Protecting Your Personal Health Information

Personal Health Record has been designed to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which established standards for the privacy of individually-identifiable health information (protected health information*). It is our policy to protect the confidentiality of personal medical information. In support of the policy, we have implemented security procedures on this Web site in an effort to protect personal medical information.

*Protected Health Information (PHI) is defined as health information, including demographic data, that permits identification of an individual or could reasonably be used to identify that individual. It includes information regarding the diagnosis, medical treatment, care, advice or counseling of an identified patient, the physical or mental condition of the patient, or prescription-drug therapy for the patient.

Personal Health Record Security

For protection of all personal information, the Personal Health Record (PHR) uses 128-bit encryption. Data is transferred from an internal database (or: various internal databases) to you during a "secured session" using Secure Sockets Layer (SSL) 128-bit encryption technology. SSL is the industry-standard security protocol for encoding sensitive information and works by creating a shared digital key (ranging from 40 to 1,024 characters long), which allows only the sender and receiver of the transmission to scramble and unscramble the information. SSL encryption can be broken only by intercepting the encrypted message, recording it and using a computer to try every possible combination (up to a billion or more) of characters to capture the correct digital key.

If your Internet browser does not support 128-bit encryption, you should download the most current version. If you access the Internet via a corporate network, please check with your system administrator before downloading a new Internet browser. If your Internet browser is provided by a commercial Internet service provider (ISP), such as America Online or Prodigy, you will need to check with your ISP to see if your version supports 128-bit encryption. Under current U.S. export laws, Web browsers that use 128-bit encryption may only be exported to a limited number of countries outside of the U.S. Therefore, outside of the U.S., you may not have access to such a browser and may be unable to use our protected online services.

Your Internet browser can tell you whether or not you are in a Web site secured by SSL technology by the presence of a padlock or key somewhere along the bottom of your browser's window. If the lock is closed or the key is unbroken, you are in a secured section of your host's Web site.

Registration

When you register to use the PHR, we request information from you in connection with your registration. Once you have logged in and activated your account, you may view or modify the information we have captured about you or change your password by clicking on the "User Account" link in the blue navigation area.

Password Protection

The combination of your log-in ID and password protects access to your personal information. If you fail to enter the correct password after three attempts, you will be locked out of the PHR for a specified period of time. To maintain the security of your information, do not share your password with anyone. If you give your log-in ID or password to others, you assume responsibility for possible unauthorized access. If you suspect the privacy of your log-in ID or password has been compromised, please either change your password immediately or contact PHR Customer Support.

Cookies

"Cookies" are small text files placed on your computer's hard drive by Web sites you visit to provide a more personalized online experience and a more efficient session. The cookies we use will not harm your system or collect information about you from your computer's hard drive. The PHR uses cookies to determine if you have previously visited our Web site, remember that you have already logged in during the current session and log the pages you visit. You can set your Internet browser to reject cookies or notify you when they are present. However, rejecting cookies may make some of the PHR's features or functions unavailable to you. The cookies used by the PHR are temporary and are deleted automatically when you close your browser session. These cookies do not collect personally identifiable information.

Email

We discourage the sending of emails containing personal health information through any system. Regular, non-encrypted Internet email is not secure and should be used only for non-sensitive and non-confidential inquiries.

Use of Your Personal Information

Information you provide during your online sessions may not be used by your health care provider for their own marketing or administrative purposes. Your information will not be sold or shared with third parties.

Security Tips

  • Regularly change your password.
  • Do not share your password with anyone.
  • Use the links provided within the PHR instead of the "back" button or other browser navigational buttons.
  • "Log out" when you have finished your session.
  • Close your web browser when you leave your PC to ensure that no one else can access any private information stored in your browser's memory.