Â鶹¹û¶³´«Ã½Ó°Òô

Ìý

Ìý

Ìý

Ìý

Ìý

Ìý

Â鶹¹û¶³´«Ã½Ó°Òô is dedicated to being a trusted partner to those we serve including our members, employees and business partners by responsibly managing and protecting their confidential information. As technology continues to advance and more information is digitized, security and privacy practices remain critical to protecting confidential information. To support governance, controls and transparency, our information security and privacy programs are embedded in our enterprise-wide risk management practices.

Â鶹¹û¶³´«Ã½Ó°Òô’s Board of Directors has oversight for enterprise-wide risk management with the Audit and Compliance Committee responsible for the company’s information security program including privacy and other program components. Our management team is responsible for day-to-day risk management and the implementation of our data privacy and security risk management programs.

We are committed to complying with all applicable laws and regulations that govern the access, use and management of confidential data. Additionally, our programs are assessed bi-annually in compliance with the HITECH Act and HIPAA Privacy and Security Rules. Our information security program conforms with ISO 27001 and is certified by an accredited organization. Our Enterprise Data Privacy Program further describes the measures we take to protect confidential information and how individuals may exercise their data privacy rights under applicable regulations.

Our Chief Security and Privacy Officer (CSPO) and our Chief Information Security Officer (CISO) lead the management of our data privacy and security risk management programs. Our CSPO is responsible for overseeing the day-to-day operation of our data privacy and security risk management programs. Our CISO oversees our data privacy and security operations, including all identity and access management functions, cybersecurity incident response operations and the effective operation of the suite of security tools we employ.Ìý

As Â鶹¹û¶³´«Ã½Ó°Òô’s first line of defense against attacks, employees are essential to supporting the company’s culture of information security. Â鶹¹û¶³´«Ã½Ó°Òô works to protect information assets through an information security program that includes technical, administrative, and physical controls intended to prevent security incidents and reduce their potential impact.ÌýÌý

To further protect our members and business partners, all employees and contractors are required to complete annual information security and privacy training, with additional specialized role-based training provided as necessary. We communicate security awareness items in multiple formats to our employees including awareness of the importance of timely notification of potential security and privacy issues.ÌýÌý