Security

YOUR SAFETY AND SECURITY IS OUR FIRST PRIORITY.

We take the sensitivity of your health information very seriously. You can trust Eligible to protect your personal information with the highest security standards.

Eligible is committed to establishing and maintaining a comprehensive and dynamic security program for ourselves, our customers and our partners.

To achieve that commitment, Eligible ensures that:

  • Confidentiality of corporate and customer information is protected
  • Integrity of information is maintained
  • Availability of information and processing resources is ensured
  • Regulatory and legislative compliance requirements are met
  • Security awareness training is provided to all staff to address the human factors of information security
  • Eligible has adopted best practices for information security management aligned with leading principles, such as Defense in Depth, Least-Privilege and Role Based Access Control.

Unique identification of users

To comply with the HIPAA requirements and to provide a high quality secure service, Eligible requires all users to have a unique username. Eligible currently requires a valid tax id and National Provider Number for the professional version of the Eligible platform.

In addition to a username, every user account must be protected with a password of sufficient complexity. Eligible allows its customers to set their own password complexity policy.

All Eligible mobile iOS applications are protected by account lock-out systems. If a user incorrectly authenticates a number of times, their user account will be locked until they perform an in depth validation as a true account holder.

  • Encryption of Protected Health Information (PHI)
  • Confidentiality of PHI
  • Auditing of PHI access

ENCRYPTION AND OTHER PRIVACY FEATURES

  • Your information is encrypted over-the-wire (“in-transit”) as well as in our backend systems (“at-rest”)
  • We use the strongest encryption level supported on the internet today (SSL - 256 bits)
  • E-mail notifications never contain private information

PHYSICAL & INFORMATION SECURITY

Eligible servers are hosted in the largest and most secure hosting environment that includes:

  • 24/7 physical security
  • On-going vulnerability checks
  • Daily testing by McAfee Secured for known vulnerabilities

“READ-ONLY” INFORMATION

We don't allow you to change anything in your insurance records

Research and Disclosure

Eligible recognizes the important contributions that our users and the security research community can make. We encourage responsible reporting of problems with our service. We also recognize that legitimate and well-intentioned researchers are sometimes blamed for the problems they disclose. In order to encourage responsible reporting practices, we promise not to bring legal action against researchers who point out a problem, provided they:

  • Share with us the full details of any problem found.
  • Do not disclose the issue to others until we’ve had reasonable time to address it.
  • Do not intentionally harm the experience or usefulness of the service to others.
  • Never attempt to view, modify or damage data belonging to others.
  • Do not seek compensation or reward for the report.
  • If you believe you have discovered a problem, please contact us at security@eligibleapp.com.