Privacy Controls / Authorization
First, we provide you with control over your health records stored at eHealthTrust. We are working with state-of-the-art privacy and security firms that ensure we can provide you the latest in privacy controls. You will have the capability to control with whom you share your data, if ever. We will not share your data, without your permission. We think the best privacy policy for the country is to allow each person to control their data, essentially setting their own privacy policy!

HIPAA and Privacy
What about HIPAA? We have stronger privacy controls than the HIPAA privacy rule requires. Did you know that HIPAA actually removed the requirement of your consent for the movement or sharing of your records? Today, under HIPAA and Arizona law, with only a few exceptions, your health information can be shared for purposes of treatment, payment and operations (TPO) without asking your permission. At eHealthTrust, you control with whom your information is shared. We think that's how it should be - everywhere. Don't you? For more on the HIPAA privacy rule, click here.

Credit Card Security
eHealthTrust has partnered with Authorize.net to offer safe and secure credit card transactions for our Members.

The company adheres to strict industry standards for payment processing, including:

• 128-bit Secure Sockets Layer (SSL) technology for secure Internet Protocol (IP) transactions.
• Industry leading encryption hardware and software methods and security protocols to protect customer information.
• Compliance with the Payment Card Industry (PCI) Data Security Standard.

Secure Health Data
We use a very unique and secure architecture for our database. When health data is in transit between your browser and our server, we use SSL encryption - just as with your payment information. When your data is at rest, the most sensitive data is encrypted, so that even if someone gained access to the database, or obtained a copy of the database, without the specific password for a specific account, the sensitive health data appears as "gibberish." We make it a point not to store your health record account passwords, thus providing you with additional security.

Secure Location
We have talked for years about the need to store health records in a single, very secure location - instead of setting up a loose network of data sources, or storing data on laptops or mobile devices, with varying levels of security. This is the policy of the most secure government agencies, or, as Andrew Carnegie used to say, "Put all of your eggs in one basket, and watch that basket!"

The Greater Phoenix area has become a magnet for large, international corporations and health care organizations to store their data for two very good reasons: 1) We need not worry about floods, earthquakes, or tornados, and 2) We have some of the most secure, most connected and reliable data centers in the world right here.

eHealthTrust has chosen to work with i/o Data Centers, and we encourage you to check out their website yourself (www.iodatacenters.com). Without telling you exactly where your data is, we can assure you it is in the Greater Phoenix area, supported by redundant power, and redundant Internet (multiple carriers) by a firm that offers us and their other world-class customers excellent uptime and security. In our own environment, we maintain redundant servers for your health information. The security of your data, while also maintaining its intended availability, is extremely important to us.

Authentication
But, how do we know that "you are who you say you are"? We are deploying some of the most advanced authentication techniques; similar to what you may have experienced when a financial bank suspects fraud on your account. This allows us to ensure those from whom we request data on your behalf that, indeed, "you are who you say you are."

Finally, we also are very selective in our hiring of employees and contractors. Anyone with access to either your financial or health data signs a confidentiality agreement, and those that maintain the health information databases, or access your account with your permission or in an emergency are trained and certified in privacy and security. Our initial level of customer service agents, for example, have no access to your medical records or health information. A second level of support, composed of both doctors and health information professionals, have access to your actual health information, and are trained in privacy and security.