Privacy Policy

Tall Tree Administrators

Patient Information Privacy and Security Policy

September 2018

Tall Tree Administrators' policy is to protect patient identification information and aggressively maintain proper procedures and training to ensure all patient information is secure.

  • Patient information on the Tall Tree Administrators Claims Manager System will be automatically backed up to an on-site backup drive. Full backups occur at least weekly, and ongoing "transaction" backups occur at least every hour.
  • Those backups are also backed up to an off-site location. Before leaving the Tall Tree Administrators network, the files are encrypted with industry-standard, well-known tools. The encryption key(s) are backed up separately.
  • Files of the Tall Tree Administrators office information system are automatically backed up in a similar fashion.
  • Backups are regularly inspected to ensure that the information can be correctly retrieved.
  • Patient information that is active (live and in the Claims Manager System) is protected by passwords and physical access controls.

Identity Fraud is the acquiring of another person's sensitive information (without that person's knowledge) and the fraudulent use of such information.

This policy provides a set of guidelines to reduce this risk to customers and employees from identity fraud.

Sensitive Information includes the following items whether they are stored in electronic, written, or printed format: credit card number, Social Security number, payroll information, bank information and medical information.

Hard Copies of sensitive information (paper) require locked storage.

  • File cabinets, desk drawers, overhead cabinets, and any other storage space containing documents with sensitive information must remain locked when not in use.
  • Storage rooms containing documents with sensitive information and record retention areas must be locked at the end of each workday or when unsupervised.
  • Desks, workstations, work areas, printers and fax machines, and common shared work areas must be cleared of all documents containing sensitive information when not in use.
  • Documents containing sensitive information must be shredded when discarding.
  • When exchanging documents with sensitive information between departments, such Documents must be passed between two persons directly.

Electronic Forms of sensitive information require encryption.

  • Sensitive information may only be transmitted using approved encrypted methods.
  • Sensitive information must not be saved on any local computer and will not be entered into any account notes or general account information.
  • Sensitive information may only be entered into authorized encrypted database tables or fields.

It is the responsibility of all employees to make every effort to protect sensitive information and report any observances that may require additional attention.