We understand that the security of individuals' personal and health information is important. Our continued success as a leading health and well being organization relies on our ability to maintain a robust security program consistent with the ethics of privacy and confidentiality in health care delivery.
Security is not a one time event. Good security is not simple. It is our job to understand, select and deploy a variety of risk mitigation safeguards. We use a complex set of interacting network, application and operating system safeguards including: Firewalls, Intrusion Detection, Alarms, Encryption, ID codes, Passwords, Digital Certificates, Authentication, Secure Messaging, Audits and Tests. When software security improvements are available, we promptly apply them as needed. When new threats are discovered, we evaluate and act. We have full time resources dedicated to Privacy, Integrity & Security Compliance Services. Absolute security may not exist. Problems can occur anywhere. But we are committed to meeting the security challenge.
We strive to maintain the highest standards of decency, fairness and integrity in our operations. On the Internet, we take a number of measures to authenticate your identity when you access our services. We also take steps to protect sensitive information as it traverses the Internet to and from your desktop. We take steps to make sure all sensitive information is as secure as possible against unauthorized access and use. We also review our security measures periodically. Despite our best efforts, and the best efforts of other firms, "perfect security" does not exist on the Internet, or anywhere else.
Once you have a User ID, we will randomly generate the final piece of information; your initial password.
For further security, we store your User ID and password on an encrypted database that is isolated from the Internet.
Encryption is the process of scrambling the information so that it can only be reassembled by the intended recipient. Another person attempting to read the communication will not be able to decipher the information. We use 128 bits for this encryption, the dominant standard for the health and the financial industry, making it virtually impossible for anyone else to read it. You can tell when you are on a secure page by looking at the URL (location or address field in the browser). If it begins with https:// rather than "http://", the page is secure.
It is not our practice to include personal or account information in standard emails that we may send to you over the Internet. To respond to you regarding personal or sensitive matters, we may send you an unencrypted email inviting you back to our site to see our response. While this is not convenient, it is done to protect sensitive information.
We also use a timeout feature to protect you further. After an extended period of inactivity at our site, we will log you out automatically.
We also use system and application logs to track all access. We review these logs periodically and investigate any anomalies or discrepancies.
Within our organization, we base access to third-party enrollee information on the sensitivity of the information and our employees' need-to-know. We authorize employees and representatives to use available sensitive enrollee information for authorized business purposes only. Each employee receives a code of conduct that details our requirement for our employees when using this information. Any violation may result in disciplinary action up to and including termination.
- Eliminate cached (i.e.temporarily saved) pages before leaving a shared or public computer, at a library or an Internet cafe. Refer to your Web browser for instructions on clearing cache. We recommend that you close the browser you were using before leaving the computer.
- Protect and never share your access codes with those who do not have a right to use them. Our administrator will never ask you for your password. Do not be duped by malicious emails asking for your password. This is a well-known trick designed to trick you into sharing your password.
- Always complete an online session and log out when finished. Be sure to do so before leaving your computer. It is quick and easy and may save your account from unwanted trespassers.
- Make sure that you are using an up-to-date version of Internet software (such as Netscape Navigator or Microsoft Internet Explorer). Versions that are more recent often have enhanced security protection.
- If using a browser such as Internet Explorer 5.0 or greater, turn off the AutoComplete feature. This feature remembers enrollee User IDs and passwords, as well as other information you type into web pages that contain forms. When the browser encounters this form again, it will prefill the form with your answers from the last time you accessed the site. This feature could let other users of your computer log in as you. Refer to your Web browser for instructions on turning off IE5.0 Auto Complete feature.
- If using Internet Explorer 5.0 or greater, set your temporary browser file setting to refresh your web pages once every browser session. Change this setting prior to logging in, then close and restart your browser. Refer to your Web browser for instructions on refreshing IE5.0 web pages.
- We take the security of individual's personal and health information seriously. We know you do too. As you delegate access to this site to other personnel in your organization, please follow the guidelines listed below:
- Allow access only to personnel who have a legitimate business need to use secured portions of www.unitedhealthcareonline.com.
- Monitor on a regular basis who within your organization has access to www.unitedhealthcareonline.com.
- Advise all users they are bound by the terms of the Site Use Agreement.