Privacy of personal health information (PHI) is a very important concern to HealthWorks. Data collected either through our HRA, biometric screenings and/or programming constitutes PHI and is protected in accordance with HIPAA and its corresponding Privacy and Security Rules. As a business associate, HealthWorks is also subject to obligations under the Health Information Technology for Economic and Clinical Health Act (HITECH Act).
WHAT INFORMATION DO WE COLLECT?
- HealthWorks collects information about health behaviors, including smoking status, physical and emotional health status, productivity and satisfaction with several facets of your life.
- HealthWorks does not house or collect personal information without the knowledge of our customers.
- HealthWorks never sells or trades information with third parties, any customer identifiable information derived from customer interaction with HealthWorks, including customer contact information.
WHO HAS ACCESS TO YOUR INFORMATION?
- Only aggregate data is ever shared with your employer.
- All HealthWorks employees are bound by contract to protect and maintain the confidentiality of PHI and other confidential information obtained from our business customers and are required to sign HIPAA confidentiality paperwork.
- Access to confidential processing data is restricted to authorized HealthWorks staff only, protected by multi-factor authentication.
- No PHI is ever removed from company premises except for legitimate business purposes and unless following appropriate department procedures.
HOW IS YOUR INFORMATION KEPT SECURE?
- Data is stored on a secure data base.
- HealthWorks contracts with an insured document destruction company to destroy sensitive documents.
- PHI is transferred either over the internet via a secure email host, or directly into our secure portal with a unique login and password assigned to each client.
- HealthWorks uses industry-standard firewall protections.
- Data backups are performed throughout the business day, and are encrypted and moved offsite nightly. Complete data duplication is available at one of our backup data centers.
- When HealthWorks refers to external websites, we do not share your personal information with those websites. However, HealthWorks is not responsible for their privacy policies and we encourage you to learn about the privacy practices of any website you visit.