Data Privacy & Security

Centene’s mission of transforming the health of the communities we serve, one person at a time, requires maintaining our members’ trust.

Centene is dedicated to being a trusted partner to those we serve, including our members, employees and business partners, by responsibly managing and protecting their confidential information. As technology continues to advance and more information is digitized, security and privacy practices remain critical to protecting confidential information. To support governance, controls and transparency, our information security and privacy programs are embedded in our enterprise-wide risk management practices.

Risk Governance

Our Board of Directors has primary responsibility for oversight of enterprise-wide risk management and exercises oversight of data privacy and security risk through two of its committees: the Audit and Compliance Committee and the Quality Committee. Our management team is responsible for day-to-day risk management, including the implementation of our data privacy and security risk management programs.

Our Chief Security and Privacy Officer (CSPO) and our Chief Information Security Officer (CISO) lead the management of our data privacy and security risk management programs. Our CSPO is responsible for overseeing the day-to-day operation of our data privacy and security risk management programs. Our CISO oversees our security operations, including all identity and access management functions, cybersecurity incident response operations and the effective operation of the suite of security tools we employ.

Privacy Practices

Centene’s Code of Conduct outlines our obligations to protect confidential information across all our lines of business. Our privacy policies guide the collection and use of member data, describe the measures we take to protect information, and detail how members may exercise their rights and raise concerns regarding the collection, sharing and use of their personal data.

Our Enterprise Data Privacy Program further describes our commitment to complying with all applicable laws and regulations that govern the access, use and management of confidential data. Additionally, our programs are assessed annually in compliance with the HITECH Act and HIPAA Privacy and Security Rules. Our information security program conforms with ISO 27001 and is certified by an accredited organization.

Building A Culture Of Information Security

As Centene’s first line of defense against attacks, employees are essential to supporting the company’s culture of information security. Centene works to protect information assets through an information security program that includes technical, administrative, and physical controls intended to prevent security incidents and reduce their potential impact.

To further protect our members and business partners, all employees and contractors are required to complete annual information security and privacy training, with additional specialized role-based training provided as necessary.

Crisis Response

Centene continues to monitor threats and invest in the resilience of our systems. Our Business Continuity Management program provides coordination, oversight, plan development and monitoring activities to prepare for and respond to incidents and business disruptions.

Watch how Centene and CyberUp are partnering to bridge the gap in the cybersecurity workforce, with a special focus on veterans. Hear from real participants whose lives have been transformed through cybersecurity apprenticeships, gaining the skills and opportunities they need for a stable and fulfilling career.