Privacy Statement

Fredericks Benefits works hard to help protect confidentiality, prevent unwanted or unauthorized transfer of personal data,
implement technical safeguards and policies, and identify and address privacy issues.

Your privacy is very important to Fredericks Benefits. We have created this privacy statement as part of our commitment to
the confidentiality of visitor data. It is the policy of this office that we shall follow all of the specific technical security policies
outlined below. The Security Officer shall periodically review and revise these measures as
necessary to stay current with changes in technology and security practices.

Q. How secure is the data on ezhr4u.com and ezhr4u.net?

A. Internal Security System


We count on a well-designed management structure that provides the deepest and most intelligent security available for
safeguarding our corporate network from damaging cyber attacks that are introduced inside the network. Our information
security and physical security are combined under a single management structure. The following is a list of best practices
that are used to develop our Internal Security System:

• Using network-, system-, file-, and application-level access controls and restricting access to authorized times and tasks
as required.

• Clearly defining and assigning information security roles and responsibilities and ensuring adequate resources are allocated.

• Visible sponsorship and direction, written communications, and regular staff meeting time on this subject.

• Creating, enforcing, and regularly reviewing security policies.

• Information security is a normal part of the responsibility of each of our employees.

All users are validated against our MS SQL 2000 database. A login user name and password are used to authenticate and verify their
browser session. All users have specific access level authorization granted to their login by the client’s designated management.
These access levels are used to generate the authorized content that is specific to that individual user.
Login key verification is performed against all sensitive information for that database every time that information is accessed.
Whenever any user attempts to access any page, form, or content, the ASP code validates the user’s session. Authorization
against the security matrix either grants or refuses delivery of information to the client’s browser session.

Live Database Backups

When it comes to backing up critical live databases, traditional file system backup systems break. Our transparent, live database
backup solution doesn’t affect applications or user access and is updated every 4 hours. Agents are available for Oracle,
Lotus Notes, Informix, Sybase, Microsoft SQL Server, and Exchange Server.

Additional Off-Site Storage

InteleNet utilizes Iron Mountain®, the industry leader in Off-Site Data Protection, to protect our customers’ vital data
after it has been backed up to tape daily.


Entity Authentication


It is the policy of our office that the identity of any person or company requesting protected health
information electronically will be verified to the best of our ability. These measures shall include:


• Procedural measures – users requesting remote systems access via dial-up connection
shall phone the office, provide a unique identifier, and request that the modem be
activated. At all times when not in use, modems shall be turned off.


• Remote access (persistent connection) – when connecting to the office’s computer via
Internet or other non-secure media, user ID and password shall be required
electronically. The password shall be changed frequently to ensure that it is not
compromised.


• Private Network – User ID, password and (depending on system capabilities) unique
machine ID or IP address will be required for log in.


• E-Mail – Entities requesting PHI via e-mail shall be screened as follows:

  • Known entities (other offices with which you frequently correspond) –
  professional judgment based on prior conversations and normal business
  practices.

  • Unknown persons/entities – verify identity with a phone call, asking for information to
  ensure that the person requesting is authorized to have the information. If no
  phone number is available, reply to the e-mail and request a live phone line to
  call. Ask questions related to the member (SSN, date of birth) or the service
  (date of service, location, etc.) that someone with a legitimate right to know might
  have but others might not.


Encryption


We understand that there is a risk whenever PHI travels over an open network like the Internet
that it will be intercepted and used inappropriately and that encryption technologies exist to allow
data to be sent securely over open networks by ensuring that only the intended recipient and
sender can open the message.


Given this office’s obligation to protect PHI, it is prudent for us to encrypt PHI at every
opportunity. However, many of our members and colleagues do not have the technical ability to
encrypt e-mail or other transmissions. Therefore, it is the policy of our office that data sent over
an open network shall be encrypted when:


• The subject of the PHI requests it
• The recipient requests it
• Both recipient and sender have the capability and are aware of each other’s capabilities

Unencrypted e-mail containing PHI shall bear a disclaimer indicating that the information in the
e-mail is for the intended recipient only and that any other use is not authorized, is not allowed
and will be punished to the full extent of the law.


Virus Protection and Electronic Firewall


It is the policy of our office that:


• Virus protection software shall be installed on all computers, regardless of network
connectivity.


• Firewall software and/or hardware shall be installed on all computers with a connection to
the Internet or other open computer network. Firewall software and/or hardware may be
installed on the server or other routing device rather than on each workstation.


• We shall sign up to receive notification of automated updates for all patches, fixes, virus
definitions, etc. for virus protection and firewall software. It is preferable to obtain
automated updates (rather than human-intervention downloads) whenever possible.


• Virus protection and firewall software shall be kept up to date with all available patches
and definition files. Updates shall be made no more than 14 days after you receive
notification of the availability of the patch/virus definition.

 

This statement applies to ezhr4u.com ~ ezhr4u.net ~ ezhr4u.tv ~ fredericksbenefits.com ~ ezhrforum.com ~
blueoceanbenefits.com ~ blueoceanbenefits.net and ezinvset4u.com.

These sites contain links to other sites. Fredericks Benefits is not responsible for the content or privacy practices of such linked sites.

From time to time, this statement may change to meet the needs of our business or customers.

If you have any questions or concerns about privacy issues, please e-mail info@fredericksbenefits.com or call 951-792-1070.