Protecting your personal information

WellSense may collect and use the following information about you:

  • Protected Health Information
    Individually identifiable health information held or transmitted in any form or medium by WellSense.
  • Personal Information
    A member’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident:
    1. Social Security number;
    2. Driver’s license number or state-issued identification card number; or
    3. Financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.
  • Sensitive Data
    Personal data that includes data revealing race, ethnicity, language, gender identity, sexual orientation, sexual preference, religious beliefs, citizenship or immigration status. In New Hampshire, Sensitive Data also includes the processing of genetic or biometric data for the purpose of uniquely identifying an individual; personal data collected from a known child; or precise geolocation data.
  • Part 2 Data
    Data that is subject to the restrictions on use or disclosure set forth in 42 CFR Part 2 (related to an individual who has applied for or been given diagnosis, treatment or referral for treatment for a substance abuse disorder at a Part 2 program).
  • Reproductive Health Care Information
    Health care “that affects the health of an individual in all matters relating to the reproductive system and to its functions and processes.”


We may also share this information with your healthcare provider so that they can give you better care. WellSense will not use this information for underwriting, rate setting or benefit determination. Providing this information is voluntary and will not impact your coverage or benefits with WellSense. In line with federal and state laws, WellSense takes many steps to protect your information (whether electronic, oral, or written), including physical and electronic safeguards such as encryption and access controls.   

While we need your information at times for valid reasons to provide your health care, we take measures to limit the chance of your protected information listed above being used in inappropriate ways.

How do we protect all your data, including PHI and Sensitive Data?

  • We limit the amount of information employees can access. They may only access information that is required by their job.
  • When sharing information related to your health care, we only share the minimum amount needed to complete the request or task at hand.
  • We verify the identity of any person requesting data and confirm their authority to access PHI before they receive any written or oral documentation, statements or representation.
  • We require a Release of PHI Authorization Form from a Member or Member Representative to allow the release of PHI for purposes other than treatment, payment or operations, including to employers, if applicable.
  • We require all employees to follow these processes:
    • Employees must ensure that data is used or disclosed for its intended purpose and follows federal and state laws and our policies.
    • Employees must not share passwords or use another’s user ID to sign on to our computers or computer programs.
    • Employees shall not misuse data for personal gain.
    • Employees shall not access, use or disclose data for family members or personal acquaintances.
    • Employees must not disclose data to unauthorized individuals.
    • Employees must not knowingly attempt to gain access to data that is not within the scope of the employee’s job responsibilities.
    • Employees must not disclose data outside the assigned job responsibilities.
    • Employees must not take action against other workforce members for reporting misuse of PHI or Sensitive Data.
  • We may not take action against employees for reporting misuse of data.
  • We conduct privacy and security awareness training for all new employees, and every year for all employees. This training reviews federal and state laws and our policies that regulate confidential and private information, including:
    • The definition of PHI and PI, whether in paper, electronic or verbal form
    • The definition of Sensitive Data
    • How to identify documents that are considered confidential and not for public consumption
    • Responsibilities of protecting PHI and PI and other confidential information including Sensitive Data
    • How to report violations
    • Penalties and consequences associated with violations of federal and state rules and Plan policies
  • We require the proper use of our computing equipment, hardware, software, information systems and other technology including, but not limited to, laptops, desktop PCs, email, social media and faxes.
  • We use encryption software on all computers and smartphones to prevent access by people without proper passwords.
  • We limit access to sensitive areas in the company to only those whose job requires access to these areas.
  • We provide a safe and secure work environment and require all employees to enter the building through locked doors using their identification badge.
  • We require all visitors to sign in and be escorted at all times while in our facilities.
  • We use secure bins for the shredding and disposal of data.
  • We require all files containing data to be stored in secure and locked cabinets when not in use.
  • We terminate access to any information or building access when an employee no longer works for the organization.