Safeguarding the privacy and confidentiality of Protected Health Information (PHI) is of paramount concern to MicroMass. PHI is any health-related information that can reveal the identity of an individual. MicroMass programs comply with HIPAA, COPPA, Safe Harbor and DMA Privacy Guidelines.

We build security and privacy into each of our programs through eleven key steps:

1. Designate a primary security and privacy contact
2. Provide a clear, simple privacy and usage statement
3. Use PHI only for intended purposes
4. Collect the minimum amount of data
5. Provide a privacy complaint/resolution system
6. Use opt-in enrollment
7. Provide easy opt-out
8. Provide a means to view and modify PHI
9. Encrypt network transferred PHI
10. Encrypt PHI in all links
11. Establish a 'chain of trust' with vendors' security policies

To ensure organizational security, we:

• Maintain and enforce a written security policy
• Conduct security training for all staff
• Maintain written contingency plans
• Maintain and enforce a written HIPAA policy
• Conduct HIPAA training for all staff
• Implement HIPAA program certification procedures
• Maintain a Safe Harbor profile with the US Dept of Commerce
• Restrict access to PHI
• Control physical access to facilities

These systems, processes, and personnel are the responsibility of our Chief Privacy Officer, Mark Rinehart, and our information security committee, including representation from senior executive management, information systems, human resources, and security personnel.

For further information regarding security and privacy issues, or to obtain copies of privacy notices and policies, please contact us at mmc.privacy@micromass.com, or call our corporate office at (919) 851-3182.