Navicure is very sensitive to privacy issues. We respect your right to privacy and feel it is important for you to know how we handle the information we receive from you via the Internet. Additionally, our online and offline business practices are in full compliance with the privacy requirements under the Health Insurance Portability and Accountability Act (HIPAA).
Protecting Your Confidential Information
We have taken precautionary measures to make all information received from our online visitors as secure as possible against unauthorized access and use.
It may be necessary for us to provide your information to contracted external partners in order to provide you with Navicure services. They may only use the information provided for the specified use and project and are strictly prohibited from unauthorized distribution and release.
Navicure may also use your information to investigate or
prevent activity that is either potentially unlawful or that threatens
our network or violates our customer agreement, or to respond to a subpoena
or other legal process.
Your Online Preferences
Your Data is Safe
We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you at our site.
Navicure HIPAA Compliance Statement
Navicure’s reputation for integrity and excellence requires strict compliance with all applicable laws and regulations and industry standards. To that end, we have established policies, procedures, best practices, and guidelines as living documents that evolve as Navicure’s products, services, technologies, and regulatory mandates change. Further, Navicure’s status as a “covered entity” under HIPAA means that Navicure is required to be in compliance with HIPAA independent of its contractual obligations to its customers and partners.
Navicure is continually evaluating its current suite of privacy and security provisions against evolving technology capabilities. This continuing evaluation requires focus and diligence among Navicure’s associates to keep abreast of updates to Navicure’s policies and procedures related to HIPAA Statutes as they are amended.
Mandatory awareness training is at the forefront of Navicure’s continuing efforts for strict compliance with the HIPAA Statutes. Navicure requires privacy and security training for all new and existing members of its workforce as conditions of employment. Periodic refresher training is required at least annually or as often as is warranted. Retraining is required whenever environmental or operational changes impact the privacy and security procedures required under the HIPAA Statutes. Such changes may include, but are not limited to, new or updated policies and procedures; new or upgraded software or hardware; new security technology; or changes/amendments to the Statutory Regulations.
Navicure’s continued success is dependent upon our customer’s trust and confidence in our competence, integrity, and high standards. In an effort to assure our customers and shareholders of our commitment to be deserving of their trust and confidence, Navicure requires all employees upon hire and periodically thereafter to execute and affirm that they have received, read, and are in compliance with Navicure’s Code of Conduct as well as the Policies and Procedures related to compliance standards mandated under the HIPAA Statutes.
Since 2007, Navicure has been an active participant in the Healthcare Network Accreditation Program (HNAP), sponsored by the Electronic Healthcare Network Accreditation Commission (EHNAC), an independent, federally recognized self-governing body to ensure compliance with industry established standards and HIPAA regulations.
Navicure has incorporated into its policies and procedures the applicable standards, implementation specifications and requirements of the HIPAA Security Rule with respect to PHI. Access to PHI data is initiated through the use of a unique application username/strong password and subsequently controlled by role-based permission settings. Processes are in place to record and log subsequent modifiable events to the application.
Navicure subscribes to an industry-standard vulnerability management tool that performs network discovery, vulnerability assessment reporting and remediation tracking by scanning Navicure’s internet facing servers against all known exploitations and vulnerabilities. Navicure also recruits the services of an independent 3rd party to provide an unbiased risk assessment of our environment. This risk assessment and penetration test/security audit assesses any known vulnerabilities. The results of this test are reviewed and improvements are made accordingly.
In conjunction with risk assessments, Navicure has established procedures that provide the authority, process and tools to conduct a security audit on any system to ensure compliance with Navicure’s policies and/or HIPAA regulations. These procedures and tools provide a multi-layered security boundary across the organization to protect PHI data through the use of dynamic reporting and consolidated alerts.
Navicure's HIPAA Notice of Privacy Practices (Effective Date 01/01/2017) explains how Navicure uses and discloses protected health information in its business.