Ensuring Data Security at BASIC
BASIC security is top notch. We want you to know that your data is safe and secure, so we put together a list of some of the precautions we take. The following are measures we are taking with regard to data security:
Each of our administration software vendors offers encrypted and secured web sessions, data storage and data transmission for full protection of personal health information, personally identifiable information and, when applicable, debit card account information.
Our payroll service provider offers bank-level encryption, making it more secure than industry standard payroll service security.
Our ongoing security and privacy awareness training program provides all our employees with clear and concise instructions for accessing, storing, transmitting and safeguarding PHI.
We have an attorney on retainer to work with us to ensure we are meeting all legal requirements regarding security and privacy.
Our Business Associates Agreement (BAA) reflects the HIPAA changes put into effect through ARRA/HITECH, specifically to state our responsibilities with regard to a PHI breach.
In addition to supporting encrypted FTP and secure FTP for data exchange, we recently implemented a secure transfer website that allows our clients and business partners to securely submit data to BASIC and allows BASIC to securely send files to our clients and business partners.
We also use a third-party software solution (ZixMail) to enhance our encryption capabilities to guard against unauthorized access to PHI that is transmitted through email.
A thorough data security assessment of the potential risks and vulnerabilities of our systems is performed annually by a third-party security assessment firm.
We operate full data backup and redundancy and have 100% emergency power generator backup to enable continuation of critical business functions.
We utilize a secure data destruction program for all paper documents containing personally identifiable information.
To speak with a representative to learn more about our security and your data, contact BASIC today.
BASIC is dedicated to protecting the client information we use to provide services. It is BASIC’s responsibility to guard the individually identifiable information and other nonpublic personal or financial information of our clients. This is an overview of our commitment to our practices in protecting the privacy and confidentiality of individual information that we collect, maintain, and use while administering services for our clients. For some of our services, BASIC creates, maintains and transmits protected health information (PHI), as defined by HIPAA, on behalf of our clients. BASIC has put in place additional administrative, physical, technical and procedural safeguards to protect the confidentiality and integrity of PHI as well as all personal information.
We work to protect your information by using industry-recognized security safeguards along with carefully developed security procedures and practices.
We maintain physical, electronic and procedural safeguards that comply with applicable laws and federal standards. We use both internal and external resources to review our security procedures.
We do not disclose any non-public personal information about our clients or former clients to anyone, except as permitted or required by law.
We limit the collection and use of customer information to the minimum we require to deliver superior service to our clients, which includes advising our clients about our products and services and administering our business.
Our employees are trained and required to safeguard your information. We ensure that employees comply with our established privacy policies and procedures, which exist to protect the confidentiality of individual information. Employees will access information only on a business need-to-know basis. We educate our employees on the importance of confidentiality and privacy. Employees who violate our privacy policies will be subject to our disciplinary process.
We do not reveal individual or client information to any external organization unless we have previously informed the customer in a disclosure or an agreement, have been authorized by the client or individual, or are required by law.
Whenever we hire other organizations to provide support services, we will require them to conform to our privacy standards and allow us to audit.
We do not use or share personally identifiable health information for any purpose other than the administration of an individual’s account; as disclosed to the individual when the information is collected or to which the individual consents.
We summarize information about individual clients and we also combine that information with that of others in a way that does not identify a specific client individually to understand how our products are used and to deliver products and services.
We may use third parties to provide products and services; these third parties are not allowed to use your information for their own purposes.
We do not sell or rent your personal information to anyone for any purpose.
We collect personal information such as your name, billing address, e-mail, and phone number when you interact with us to use our products and services.
We collect financial data such as credit/debit card and bank account information for payment of fees or in conjunction with the administration of our products and services.
We collect benefit information for our products and services, including personal identifiers.
We collect information about your system as it interacts with us such as your IP address and browser information.
We use common Internet technologies, such as cookies and Web beacons to manage our websites and services, advertising and e-mail programs.
We may collect user feedback, community discussions, chats and other interactions, such as surveys.
We may obtain additional information about you, such as demographic information, from commercially available sources.
You may opt out of any future marketing and/or sales contacts from us at any time.
Contacting us via the email address or phone number given on our website to obtain the following information:
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Whenever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers and servers on which we store personally identifiable information are kept in a secure environment.
Rights of California Residents
Even though you use our services while acting as an employee or client contact, if you live in California, California law gives you the right to ask if we disclose your personal information to third parties for their direct marketing purposes (we do not disclose your personal information for others’ direct marketing purposes). It also gives you the right to ask if we sell your personal information to third parties (we do not sell your personal information and have not done so in the past), and if we did (which we don’t), you’d have the right to opt out of such sales.
Because HR data is collected by BASIC for the business purpose of administering benefits and services, BASIC is not legally permitted to delete it. CCPA’s data deletion requirement applies only in limited circumstances and does not apply to data that BASIC utilizes for benefit administration and services, which are subject to the Gramm-Leach-Bliley Act and/or the Health Insurance Portability and Accountability Act of 1996. Additionally, the CCPA is preempted by ERISA as the law relates to employer-sponsored benefit plan data not covered by HIPAA.
Our Privacy Policy may change from time to time and all updates will be posted on this page. Please contact us at 800-444-1922 if you have questions about this privacy policy.