Integrity Standard - Confidentiality of Information

Policy:
We must protect the confidentiality of the information handled by the Company, concerning our members and our clients both inside and outside of the Company.  We will take precautions to avoid improper, inappropriate or inadvertent disclosures of sensitive, confidential or privileged information, records or documents.  Within the Company, we will share this information only with those employees who have a legitimate business "need to know" the information.  We will maintain and protect this information even after termination of employment with the Company.

Confidential Company Information

Member Information
We will disclose protected health information outside the Company only to authorized persons or entities and according to applicable federal and state law. We will follow Company and departmental policies and procedures for the handling of protected health information. We will use and disclose this information within the Company only on a "need to know" basis for the purpose of conducting Company business.  These requirements continue to apply even after we leave the Company's employment.

Employee Information
As with all confidential information, we have an obligation to protect the confidential information of our employees both inside and outside of the Company.  Information about our employees, such as salary, Social Security Number, age, status, type of leave, banking or other financial information should not be shared with third parties unless required for Company operations.  It should also only be shared with other employees on a "need to know" basis.  Remember, many of our employees are also our members and we must provide these employees with the same protections regarding their protected health information as we do all of our members.

Intellectual Property and Trade Secrets
We will not disclose information about the Company’s intellectual property and trade secrets to unauthorized third parties or to employees except as may be required for those employees to perform their job duties.   Please see the "Proper Use of Corporate Assets" Integrity Standard for more information about the Company’s Intellectual Property and Trade Secrets.

Proprietary Business Information and “Insider” Information
We will not give confidential or proprietary Company information to unauthorized persons such as competitors, suppliers, or outside contractors without proper authorization.  This includes financial information, customer lists, discounts, special prices, computer data, and computer programs, as well as descriptions of Company processes or operations.  We will not discuss potential business relationships, purchases,  mergers or acquisitions or other organizational changes either internally or with unauthorized third parties except on a "need to know" basis.

Passwords
We will protect and maintain the confidentiality and integrity of information used to access our systems, including but not limited to, passwords and other personal security codes. We will keep our passwords and other personal security codes confidential.  We recognize that we are each responsible for the actions resulting from the use of our passwords.  We will not share our passwords or let others use our computers while we are logged on.

Client Information
Although the Company is not publicly traded, many of the companies that we do business with are. During the course of our employment, we may become aware of “insider information”. The law prohibits the use of this information for the Company’s or our own financial gain. In addition, we may not “tip” others by sharing this information with them.

Question & Answers

Q: Why is protecting confidential medical information so important?
A: Improper uses and disclosures can invade someone’s privacy, damage his or her reputation, cause embarrassment, violate federal and state privacy laws and invite lawsuits. Improper uses and disclosures may also be violations of the Company’s agreement or contract with a government agency or another customer. Federal and state privacy laws carry significant penalties for violations.  These penalties may apply both on a corporate and individual basis.  Therefore, the privacy and confidentiality of each Covered Person’s medical and claim information must be protected in accordance with Company and department policies and procedures.

Q: Why shouldn’t employees share their passwords and other personal security codes?
A: All of our information security mechanisms use user IDs and passwords to authenticate an individual’s identity and establish approved access and rights.  If multiple individuals have access to the same user IDs and passwords, it is impossible to tell who did what.  Sharing of user IDs and passwords is strictly prohibited.  Every employee is responsible for the confidentiality of his or her user ID, password and other personal security codes, and will be held accountable for anything done with his or her user ID and password.

Corporate documents and files must be stored and secured on corporate servers in order to ensure both their recoverability as well as access by the proper individuals.  Whenever it is necessary for an Information Technology technician to work on a computer, the employee must be present to enter his or her password and provide oversight.

Remember, if you do not understand, or if you have any questions concerning, this Integrity Standard or any other part of the Code, contact your Supervisor, a higher level Supervisor, any of the Corporate Resources or call the Corporate Integrity HOTLINE (1 800 838-2552).