Privacy Statement

OCI, an Application Service Provider, provides integrated analysis and reporting applications directly to clients and client customers via Internet and Extranet network connections. As part of this service delivery, OCI is committed to protecting the privacy of the information contained in the service. This policy contains information covering the methods used by OCI to meet this commitment.

Health Insurance Portability and Accountability Act (HIPAA)

The Privacy Standards in HIPAA were enacted to define and limit the circumstances in which an individual’s protected health information may be used and disclosed. OCI complies with the Privacy Rule in the delivery of all Integrated Information Services. As a "Business Associate," OCI adheres to HIPAA. In doing so, OCI will:

Gramm-Leach-Bliley Act of 1999 (GLB)

The GLB Act of 1999 is a federal act that primarily addresses financial service industry reform and includes a section (Title V) relating to consumer privacy. The purpose of Title V is to address how personal, non-public financial information is shared, and to safeguard consumers. Personal, non-public information refers to any personally identifiable information regarding a person’s financial affairs or health.

OCI is regulated by GLB because OCI is a wholly owned subsidiary of UnumProvident Corporation, an insurance company. Insurance companies are considered financial institutions and must comply with the GLB Act.

OCI does not receive any financial information on consumers. The health information received from UnumProvident Corporation, or the employer, is only shared as permitted by law, and as contractually outlined by each employer. Any personal information is handled by authorized OCI personnel only.

UnumProvident Corporation’s annual Privacy Notice mailing to all customers fulfills OCI’s notification requirement.

OCI maintains stringent confidentiality policies with regard to the receipt, storage, and reporting of personal health information. These policies are in compliance with the GLB Act.

Security Measures

The design of the WebOPTIS® technology platform is based on the fundamental principle of data security. It is essential that there is no risk of compromising the privacy of data at any time during the distribution process. As a result, the following security measures are in place.

Digital ID (certificate)
The WebOPTIS platform utilizes Verisign digital server IDs to authenticate the connection to the correct service, and Verisign digital client IDs, which serve as unique identifiers to ensure that the computer (not the user) is authorized to access the WebOPTIS site. All digital IDs are approved by OCI's WebOPTIS Support Staff (WOSS) with a customer representative's valid authorization. Both types of digital IDs expire annually and must be renewed by WOSS.

Data Encryption
All data transmitted between the user’s computer and WebOPTIS is encrypted using Secure Sockets Layer 2.0. This includes transmission of the username and password at sign-in. A unique encryption key is generated at the beginning of each session.

OCI Firewall
All network traffic between the Internet, customer extranet connections, and the WebOPTIS technology platform is filtered to allow only WebOPTIS communication protocols to pass.

Content Filtering
Access to all site content is filtered by proprietary OCI technology. WebOPTIS employs a role-based security model that is configured by the customer. Access to areas within the service is based on the user privileges established during the registration process. This process allows virtually any data or service to be blocked from specific users or groups within an organization.

Contact Information

OCI welcomes your comments; please contact us by e-mail or postal mail.

OCI
Attn: WebOPTIS Support Service
2232 Dell Range Blvd.
Suite 300
Cheyenne, WY 82001
E-mail: help@oci.com