Tall Tree Administrators
Patient Information Privacy and Security Policy
Tall Tree Administrators policy is to protect patient identification information and aggressively maintain proper procedures and training to insure all patient information is secure.
- Patient information on the Tall Tree Administrators Claims Manager System will be copied on a disc nightly and the disc stored in a fireproof safe each night on the premises. These backup discs are not permitted to leave the Tall Tree Administrators offices. This back up procedure is performed by the Tall Tree Administrators Information Officer.
- File of the Tall Tree Administrators office information system are copied on a disc weekly. This back up procedure is performed by the information officer and the backup disc is stored in the fireproof safe.
- All office files with patient information, including all claims data that has been pulled from the Claims data files, are deleted each Friday evening as part of the back-up process.
- On the last day of the month the Tall Tree Administrators Information Officer will create a disc loading all of that months claims data on a disc for use in documenting stop loss experience. A backup disc will be retained for all of the prior 12months, retina one year?s monthly data. Each new disc will replace the same month of the prior year. The old disc from the prior year will be shredded.
Identity Fraud is the acquiring of another person?s sensitive information (without that person?s knowledge) and the fraudulent use of such information.
This policy provides a set of guidelines to reduce this risk to customers and employees from identity fraud.
Sensitive Information includes the following items whether they are stored in electronic, written, or printed format: Credit card number, Social Security number, Payroll information, bank information and Medical information.
Hard Copies of sensitive information (paper) require locked storage.
- File cabinets, desk drawers, overhead cabinets, and any other storage space containing documents with sensitive information must remain locked when not in use.
- Storage rooms containing documents with sensitive information and record retention areas must be locked at the end of each workday or when unsupervised.
- Desks, workstations, work areas, printers and fax machines, and common shared work areas must be cleared of all documents containing sensitive information when not in use.
- Documents containing sensitive information must be shredded when discarding.
- When exchanging documents with sensitive information between departments, such Documents must be passed between two persons directly.
Electronic Forms of sensitive information require encryption.
- Sensitive information may only be transmitted using approved encrypted methods.
- Sensitive information must not be saved on any local computer and will not be entered into any account notes or general account information.
- Sensitive information may only be entered into authorized encrypted database tables or fields.
It is the responsibility of all employees to make every effort to protect sensitive information and report any observances that may require additional attention.