HIPAA Notice of Privacy Practices: To read more about our privacy practices regarding health and medical information under the Health Insurance Portability and Accountability Act (“HIPAA”), view our HIPAA Notice of Privacy Practices.
We recognize that the privacy of your personal information is important. The purpose of this policy is to let you know how we handle the information collected through the use of this website. Portions of this website may describe privacy practices applicable to specific types of information or to information provided on specific web pages.
This policy does not apply to information collected through other means such as by telephone or in person, although that information may be protected by other privacy policies. As used in this policy, terms such as “we” or “our” and “Company” refer to Harken Health.
This website is intended for a United States audience. Any information you provide, including any personal information, will be transferred to and processed by a computer server located within the United States.
Cookies and Tracking
The Company uses various technologies, which may include “cookie” technology, to gather information from our website visitors such as pages visited and how often they are visited, and to enable certain features on this website. “Cookies” are small text files that may be placed on your computer when you visit a website or click on a URL. Cookies may include “single-session cookies” which generally record information during only a single visit to a website and then are erased, and “persistent” cookies which are generally stored on a computer unless or until they are deleted or are set to expire.
You may disable cookies and similar items by adjusting your browser preferences at any time; however, this may limit your ability to take advantage of all the features on this website. You may also manage the use of “flash” technologies, with the Flash management tools available at Adobe's website. Note that we do not currently respond to web browser “Do Not Track” signals that provide a method to opt out of the collection of information about online activities over time and across third-party websites or online services because, among other reasons, there is no common definition of such signals and no industry-accepted standards for how such signals should be interpreted.
We may use analytics companies to gather information and aggregate data from our website visitors such as which pages are visited and how often they are visited, and to enable certain features on our websites. Information is captured using various technologies and may include cookies.We may use and disclose your activity information unless restricted by this policy or by law. Some examples of the ways we use your activity information include:
Your Personal Information
This website may include web pages that give you the opportunity to provide us with personal information about yourself. You do not have to provide us with personal information if you do not want to; however, that may limit your ability to use certain functions of this website or to request certain services or information.We may use personal information for a number of purposes such as:
We may use personal information to contact you through any contact information you provide through this website, including any email address, telephone number, cell phone number, text message number, or fax number. Please see the section below titled “Our Online Communications Practices.”
We may also share personal information within the Company, and we may combine personal information that you provide us through this website with other information we have received from you, whether online or offline, or from other sources such as from our vendors. For example, if you have purchased a product or service from us, we may combine personal information you provide through this website with information regarding your receipt of the product or service.
Sharing Personal Information
We will only share your personal information with third parties as outlined in this policy and as otherwise permitted by law.
We may share personal information if all or part of the Company is sold, merged, dissolved, acquired, or in a similar transaction.
We may share personal information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful to other visitors.
If you submit information or a posting to a chat room, bulletin board, or similar “chat” related portion of this website, the information you submit along with your screen name will be visible to all visitors, and such visitors may share with others. Therefore, please be thoughtful in what you write and understand that this information may become public.
We may also share personal information with other third party companies that we collaborate with or hire to perform services on our behalf. For example, we may hire a company to help us send and manage email, and we might provide the company with your email address and certain other information in order for them to send you an email message on our behalf. Similarly, we may hire companies to host or operate some of our websites and related computers and software applications.
This website may permit you to view your visitor profile and related personal information and to request changes to such information. If this function is available, we will include a link on this website with a heading such as “My Profile” or similar words. Clicking on the link will take you to a page through which you may review your visitor profile and related personal information.
Website and Information Security
We maintain reasonable administrative, technical and physical safeguards designed to protect the information that you provide on this website. However, no security system is impenetrable and we cannot guarantee the security of our website, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the Internet, and we are not liable for the illegal acts of third parties such as criminal hackers.
Our Online Communication Practices
We may send electronic newsletters, notification of account status, and other communications, such as marketing communications, on a periodic basis to various individuals and organizations. We may also send email communications regarding topics such as general health benefits, website updates, health conditions, and general health topics. We offer you appropriate consent mechanisms, such as opt-out, for marketing and certain other communications. As examples, you may opt-out as provided for in a specific email communication or contact us as described below in the section “Contact Us.” Please be aware that opt-outs may not apply to certain types of communications, such as account status, website updates, or other communications.
Information for Children Under 13
We will not intentionally collect any personal information from children under the age of 13 through this website without receiving parental consent. If you think that we have collected personal information from a child under the age of 13 through this website, please contact us.
To contact us regarding this policy and our related privacy practices, please contact us at: 800.-797.9921. If you believe we or any company associated with us has misused any of your information please contact us immediately and report such misuse.
The effective date of this policy is June, 22, 2014.
We may change this policy. If we do so, such change will appear on this page of our website. We will also provide appropriate notice and choices to you, on this website and in other appropriate locations, based on the scope and extent of changes. You may always visit this policy to learn of any updates.
Social Security Number Protection Policy: Protecting personal information is important to Harken Health. It is our policy to protect the confidentiality of Social Security numbers ("SSNs”) that we receive or collect in the course of business. We secure the confidentiality of SSNs through various means, including physical, technical, and administrative safeguards that are designed to protect against unauthorized access. It is our policy to limit access to SSNs to that which is lawful, and to prohibit unlawful disclosure of SSNs.
We understand that the security of individuals' personal and health information is important. Our continued success as a leading health and well being organization relies on our ability to maintain a robust security program consistent with the ethics of privacy and confidentiality in health care delivery.
Security is not a one time event. Good security is not simple. It is our job to understand, select and deploy a variety of risk mitigation safeguards. We use a complex set of interacting network, application and operating system safeguards including: Firewalls, Intrusion Detection, Alarms, Encryption, ID codes, Passwords, Digital Certificates, Authentication, Secure Messaging, Audits and Tests. When software security improvements are available, we promptly apply them as needed. When new threats are discovered, we evaluate and act. We have full time resources dedicated to Privacy, Integrity & Security Compliance Services. Absolute security may not exist. Problems can occur anywhere. But we are committed to meeting the security challenge.
We strive to maintain the highest standards of decency, fairness and integrity in our operations. On the Internet, we take a number of measures to authenticate your identity when you access our services. We also take steps to protect sensitive information as it traverses the Internet to and from your desktop. We take steps to make sure all sensitive information is as secure as possible against unauthorized access and use. We also review our security measures periodically. Despite our best efforts, and the best efforts of other firms, "perfect security" does not exist on the Internet, or anywhere else.
We use different pieces of information, collectively known as access codes, to properly identify and authenticate you before allowing you secure access to sensitive information. The first piece of information is an initial User ID that is created from personal information.
Once you have a User ID, we will randomly generate the final piece of information; your initial password.
For further security, we store your User ID and password on an encrypted database that is isolated from the Internet.
Data Traversing the Internet
Our site uses the highest levels of Internet security. We require the use of a secure browser and take full advantage of its features such as data encryption, Secure Sockets Layer (SSL) protocol, user names, passwords and other tools. The system encrypts the login information and personal information that flows back and forth between you and us.
Encryption is the process of scrambling the information so that it can only be reassembled by the intended recipient. Another person attempting to read the communication will not be able to decipher the information. We use 128 bits for this encryption, the dominant standard for the health and the financial industry, making it virtually impossible for anyone else to read it. You can tell when you are on a secure page by looking at the URL (location or address field in the browser). If it begins with https:// rather than "http://", the page is secure.
It is not our practice to include personal or account information in standard emails that we may send to you over the Internet. To respond to you regarding personal or sensitive matters, we may send you an unencrypted email inviting you back to our site to see our response. While this is not convenient, it is done to protect sensitive information.
Logout and our Timeout Feature
We make use of a secure login and typically advise you to log out of our site as soon as you are finished with your access.
We also use a timeout feature to protect you further. After an extended period of inactivity at our site, we will log you out automatically.
Data Within our Walls
The personal information our site collects is stored in secure operating environments that are not available to the general public. We employ mechanisms to protect data within our organization. Multiple firewalls protect our computer systems and information contained within those systems. Firewalls are filters or selective barriers that block access and allow only authorized traffic through. We often use layers of firewalls, so even if one firewall is breached, another layer of protection would exist.
We also use system and application logs to track all access. We review these logs periodically and investigate any anomalies or discrepancies.
Within our organization, we base access to third-party enrollee information on the sensitivity of the information and our employees' need-to-know. We authorize employees and representatives to use available sensitive enrollee information for authorized business purposes only. Each employee receives a code of conduct that details our requirement for our employees when using this information. Any violation may result in disciplinary action up to and including termination.
Additional Security Suggestions For You
Although your own security program is, must and should remain your own responsibility, we offer the following suggestions:
Eliminate cached (i.e. temporarily saved) pages before leaving a shared or public computer, at a library or an Internet cafe. Refer to your Web browser for instructions on clearing cache. We recommend that you close the browser you were using before leaving the computer.
Protect and never share your access codes with those who do not have a right to use them. Our administrator will never ask you for your password. Do not be duped by malicious emails asking for your password. This is a well-known trick designed to trick you into sharing your password.
Always complete an online session and log out when finished. Be sure to do so before leaving your computer. It is quick and easy and may save your account from unwanted trespassers.
Make sure that you are using an up-to-date version of Internet software (such as Netscape Navigator or Microsoft Internet Explorer). Versions that are more recent often have enhanced security protection.
If using a browser such as Internet Explorer 5.0 or greater, turn off the AutoComplete feature. This feature remembers enrollee User IDs and passwords, as well as other information you type into web pages that contain forms. When the browser encounters this form again, it will prefill the form with your answers from the last time you accessed the site. This feature could let other users of your computer log in as you. Refer to your Web browser for instructions on turning off IE5.0 Auto Complete feature.
If using Internet Explorer 5.0 or greater, set your temporary browser file setting to refresh your web pages once every browser session. Change this setting prior to logging in, then close and restart your browser. Refer to your Web browser for instructions on refreshing IE5.0 web pages.
We take the security of individual's personal and health information seriously. We know you do too. As you delegate access to this site to other personnel in your organization, please follow the guidelines listed below:
Allow access only to personnel who have a legitimate business need to use secured portions of www.harkenhealth.com/provider.
Monitor on a regular basis who within your organization has access to www.harkenhealth.com/provider.
Advise all users they are bound by the terms of the Site Use Agreement.
Member Rights and ResponsibilitiesYou have the right to: