Protecting your privacy and personal information is a priority for HMS Employer Solutions (HMS). Our experience in dealing with sensitive information has allowed us to develop a comprehensive privacy and security policy. Our processes fully comply, and often exceed, the privacy and security mandates set forth by the Health Insurance Portability and Accountability Act (HIPAA), Employee Retirement Income Security Act (ERISA), and the Federal Trade Commission (FTC). We are committed to keeping sensitive information secure.
We only collect the information necessary to complete our verification review. Any superfluous information is removed from our systems and destroyed. As a general rule, the transfer of Social Security numbers from the employer is prevented by the use of an internal employee identifier. In the event that an employer does not have an appropriate internal employee identifier, the use of Social Security number is restricted to data processing only. This data is not available in our application; call center employees and reviewers do not have access to this information. All documents received are immediately scanned and stored securely. Access to physical documents is restricted. All documents will be securely stored by HMS for the time period defined by each verification review. Upon expiration of the retention period, the documents and any scanned images will be confidentially and securely destroyed onsite by bonded and insured data destruction professionals. A Certificate of Destruction will be provided to the employer.
HMS's computer systems are regulated and secured to meet the exacting standards that are needed to handle sensitive data. Our systems are protected from external attacks by a state of the art firewall and segmented computer networks. HMS's systems contain password policies that ensure passwords are complex enough to be secure, and that they are changed often. Laptops are not used for dependent verification reviews; access to data is restricted to specific users on our internal servers. Backups of our data are kept in an access-controlled vault offsite with a bonded and insured data storage company. Any electronic communication of sensitive data utilizes the Secure Sockets Layer (SSL) Protocol, the same technology used by many commercial banks. Our IT professionals regularly audit our system logs for any unauthorized use of our systems. In addition, individual workstations used by call center representatives and reviewers have restricted capabilities. These workstations are unable to print, send external e-mail or view external websites.
HMS controls its physical environment with badge entry systems. These systems allow us to only grant access to the areas of the building that are relevant to each employee's position. Our physical security is also enhanced by alarm systems, surveillance cameras, and other methods which cannot be disclosed.
If you have any questions regarding this policy, please contact us at 1-877-382-4919
As of: March 1, 2012
Our Privacy and Security Policy is available in Adobe Acrobat Reader format which can be downloaded for free from http://get.adobe.com/reader/. You can download our Privacy and Security Policy here: HMS_Privacy_and_Security_Policy.pdf