Information Security


We understand that the security of individuals’ personal and health information is paramount. Our continued success relies on our ability to sustain a robust program consistent with industry security standards in order to maintain confidentiality requirements concerning employee benefits.

Security is not a one-time event or a single technology. We believe security begins with having the correct processes in place and having our team correctly trained and well versed in these processes. With the correct security procedures and goals already established, we can seamlessly implement the appropriate controls and technologies.

It is our job to understand, select and deploy a variety of security safeguards and processes. In addition to our employee confidentiality training/security awareness program, we use a complex set of interacting network, application and operating system safeguards including:

  • World class datacenter facility that is HIPAA compliant, PCI/DSS Level 1, SAS70, and ISO 27001 certified
  • SEIM infrastructure for real time 24/7 monitoring of public facing systems
  • Offsite one way log archiving
  • Host and Network based Intrusion Detection systems
  • Stateful firewalls
  • Appropriate separation of content servers from data stores via DMZ
  • DoD level encryption technology
  • PKI based Digital Certificates
  • SSL for all electronic messaging
  • Strategic security awareness via honeypots and security dashboard
  • Third party audits and tests with independent verification

We strive to maintain the highest standards of performance and integrity in our operations. Within our web application, we take a number of measures to securely authenticate your identity. We also take steps to secure protected information between our data centers and the end users network. We utilize best of breed methods to ensure all sensitive information is as secure as possible against unauthorized access and use. In addition to third party audits, we also review our internal security measures at regular intervals according to our security policies.

Application Authentication:

We use different pieces of information to properly identify and authenticate users before allowing them secure access to benefit information. When users register online, we require unique information within our systems to verify that the information you provided is your own personal information.