Information security measures

Authorized individuals who use information that identifies members must observe appropriate safeguards, such as keeping user identification and passwords secret, using only their own passwords for access, signing off applications when appropriate, protecting medical records from unauthorized access, and accessing and disclosing patient information based on legitimate business need to know.

Password security

We encourage you to change your password regularly — the system will require you to change it every 60 days. You can change your password by choosing Change Your Password from the left navigation bar.

If you suspect that someone else is using your user name and password to sign on, change your password immediately and contact your delegated administrator or Provider Services or Health Plan consultant to report the suspected breach.

Securing confidential information

Confidential health information must be stored, transported, transmitted, handled, used, and disposed of in ways that protect the information from unauthorized access, alteration, destruction, disclosure, copying, theft, or physical damage but that assures availability for provision of care.

You must have security measures in place to protect work areas and patient-identifiable information, such as:

System access management.

Secured computer hardware.

Personnel clearance procedures.

Password protection of computer applications.

Secure disposal of confidential waste.

Sanctions for misuse of systems and data.

Signed confidentiality agreements.

Data backup and disaster recovery procedures.

Assigned responsibility for confidentiality and security of information.

Confidentiality and security awareness training.