At Capital Benefits we understand that privacy is an important issue for our clients and plan participants. The following information is designed to help you understand what information we gather, and how we handle the information once we gather it.
Capital Benefits may receive personal information about you, including your name, address, e-mail address, personal identification number, social security number, home phone number, birth date, hire date, work location, annual pay, hourly pay rate, gender, termination date, hours worked, etc. This information is used to enroll you in benefit plans and for claim administration, including payment status. In order to carry out our duties, we may share personal information with insurance carriers, third party administrators and your employer's or organization's payroll personnel and human resource systems. As described below, we do our best to ensure that the personal information you provide to us is kept confidential. Capital Benefits will not share this information with others in ways different from what is disclosed in this statement. In addition, we will never sell or rent any of your information to others.
We use Extended Validation (EV) SSL, the highest standard in the Internet security industry for Web site authentication, to secure your online transaction with us. EV SSL signifies that our organization has passed a rigorous identity authentication process. The EV SSL Certificate triggers your browser address to display https:// and if you use a browser released in 2007 or later (such as Microsoft Internet Explorer 7) your address bar will turn a noticeable green color.
All users are required to register or sign-in as a guest to gain access to CapBen Online. Guest access is limited and requires your social security number and date of birth.
In addition to registering, administrators accessing CapBen Online are required to obtain a security certificate from our certificate authority. Security certificates are issued through a manual process upon receipt of a certificate request and verification of the requestor's identity. Certificates may also be revoked, preventing administrative access when an individual no longer provides an administrative function. Administrative certificates expire after one year and must be renewed before administrative access can continue. All functions pertaining to security are logged such as login, registration and password/user name changes. These logs are monitored by Capital Benefits personnel. If, after three attempts, the user cannot successfully meet a security challenge the user's account will be temporarily suspended.
Additional security measures protect your information once it reaches our server. Information is stored behind our firewall and is not directly connected to the internet. Only authorized Capital Benefits personnel have access to your information behind the firewall through integrated security. Additionally, your sensitive information such as user names, passwords, social security numbers and id numbers are encrypted at rest on our server using certificate-based, public/private key encryption and/or one-way encryption. One-way encryption means that the content cannot be decrypted and is used for user names and passwords. For this reason Capital Benefits personnel cannot retrieve your user name and password. Only you may retrieve your user name and password through CapBen Online by providing the answer to the secret question supplied by you during the registration process. Therefore, it is extremely important that you guard your user name, password and the answer to your secret question. If you cannot remember your user name, password and the answer to the secret question, you may re-register to create a new user name, password and secret answer. It is recommended that users change their username and password from time to time as a further precaution.
One-way encryption or hashing is also used to ensure that your information on file has not been compromised. Whenever you submit a change through a CapBen Online form, an encrypted string or hash is created from the content that you submitted. By repeating the hash function on the content at any later point, the returned encrypted string should exactly match the hash that was created at the time the changes were submitted. The online form itself is also hashed to provide confirmation of the context of the information submitted. Additionally, when changes are submitted the changes are signed using a certificate-based, digital signature created for you at the time of registration using the answer to your secret question as your private key. Finally, a hash of the changes with your digital signature is created. In this way the integrity of both your signature and changes may be confirmed if necessary using the answer to your secret question. Changes made by administrators acting on behalf of an insured member will be signed with the administrator's digital signature.
A cookie is a piece of data typically stored on the user's hard drive that can be used to identify a user returning to a web site. This type of cookie is called a persistent cookie. The CapBen website uses session cookies. Session cookies reside in the browser's memory and are erased once the user closes their browser. The CapBen web site uses session cookies for the sole purpose of timing-out the user's session after a period of inactivity. The information in the cookie does not contain any information about the user. This site requires cookies to be enabled in the user's browser to access CapBen Online. However, no information is ever written to the user's hard drive.
Capital Benefits will safeguard all health care information we have in accordance with state and federal law, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We will not use or disclose health care information we have except as permitted by law. Beginning in April 2003, health plan beneficiaries will be entitled under HIPAA to receive a Notice of Privacy Practices from their health plan. The Notice of Privacy Practices will provide you with important information about how your health care information may be used and your rights under HIPAA. The information provided here is not intended to substitute for a Notice of Privacy Practices.
If we decide to change our privacy policy, we will post those changes on our website. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email where an email is provided, or by [regular mail]. Users will have a choice as to whether or not we use their information in this different manner. The above privacy statement is effective as of March 1, 2008. Capital Benefits reserves the right to change this privacy statement from time to time. This privacy policy is not intended to and does not imply any contractual or other legal rights in respect to Capital Benefits or any other party.
© Copyright 2008 Capital Benefits Consulting