Security & Privacy

Safeguarding the privacy and confidentiality of Personally Identifiable Information (PII) and Protected Health Information (PHI) is of paramount concern to MicroMass Communications, Inc. PII is any data that can be used to contact, locate, or identify a specific individual, whereas PHI is any health information that is individually identifiable. Programs of MicroMass Communications, Inc. comply with HIPAA, COPPA, and DMA Privacy Guidelines.

We build security and privacy into each of our programs through the following key steps:

• Designate a primary security and privacy contact
• Provide a clear, simple privacy and usage statement
• Use PHI only for intended purposes
• Collect the minimum amount of data
• Provide a privacy complaint/resolution system
• Use opt-in enrollment
• Provide easy opt-out
• Provide a means to view and modify PHI
• Encrypt network-transferred PHI
• Encrypt PHI in all links
• Establish a “chain of trust” with vendors’ security policies

To ensure organizational security, we:

• Maintain and enforce a written security policy
• Conduct security training for all staff
• Maintain written contingency plans
• Maintain and enforce a written HIPAA policy
• Conduct HIPAA training for all staff
• Implement HIPAA program certification procedures
• Restrict access to PHI
• Control physical access to facilities

These systems, processes, and personnel are the responsibility of our Chief Privacy Officer, Mark Rinehart, and our information security committee, including representation from senior executive management, information systems, human resources, and security personnel.

For further information regarding security and privacy issues, or to obtain copies of privacy notices and policies, please contact us at mmc.privacy@micromass.com, or call our corporate office at (919) 851-3182.