Privacy Policy

Internet Privacy Policy
Navicure is very sensitive to privacy issues. We respect your right to privacy and feel it is important for you to know how we handle the information we receive from you via the Internet. Additionally, our online and offline business practices are in full compliance with the privacy requirements under the Health Insurance Portability and Accountability Act (HIPAA).

Protecting Your Confidential Information
We have taken precautionary measures to make all information received from our online visitors as secure as possible against unauthorized access and use.

It may be necessary for us to provide your information to contracted external partners in order to provide you with Navicure services. They may only use the information provided for the specified use and project and are strictly prohibited from unauthorized distribution and release.

Navicure may also use your information to investigate or prevent activity that is either potentially unlawful or that threatens our network or violates our customer agreement, or to respond to a subpoena or other legal process.
This Privacy Policy does not apply to information that you provide to third parties to which you link from our site. Please review each website's privacy policy before using the site or providing your information. Navicure reserves the right to update this Privacy Policy at any time. Your continued use of the website will constitute acceptance of this Privacy Policy

Your Online Preferences
Navicure uses "cookie" technology to obtain usage information from our online visitors. You may disable your cookie information by adjusting your browser preferences on your personal computer at any time. Keep in mind that cookies do not identify a specific user and are not used to collect any personal information. In order to provide the best possible service and relevant information to you, we use cookies to:

  • Track resources and data accessed on the site per visitor
  • Record general site statistics and activity
  • Assist users experiencing Web site problems

Your Data is Safe
We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you at our site.

Our Online Communication Practices > General Email Communications
The email functionality on our site, unless otherwise noted, does provide a completely secure and confidential means of communication. Only communication through the Navicure Secure web site provides a secure and private means for sending email to Navicure, and Navicure does not guarantee or warrant that email transmitted through other means is secure or confidential during transit.

Transmission of Secure Data
Practices submit claims through a secure, HTTPS, 128 bit encrypted,Web interface. Navicure is committed to providing HIPAA/ANSI standards solutions to providers. As such, data is stored in a data schema designed entirely around the ANSI HIPAA standards in an Oracle relational database. Using a relational database allows rapid development and deployment of modifications or enhancements to the application and related transaction formats, edits, etc.

The Navicure system was designed to support all of the HIPAA/ANSI standard transaction sets. The 837P, 835, 997, and 277 transaction sets are currently in production. The 837I, 837D, 270, 276 and 278 transactions will be added as the payer community expands support for them.

The addition of these additional HIPAA transactions can be easily accomplished using Navicure's Oracle relational data store, and since Navicure's customer interface is a secure Web connection, no new software will be needed to enable customers to access these new transactions.

Compliance with HIPAA Security Rules
The Security Standards define administrative, physical, and technical safeguards necessary to protect the confidentiality, integrity, and availability of electronic protected health information from unauthorized access, alteration, deletion, and transmission. As such Navicure has implemented the following policies:

  • All access from the Internet to the database server is restricted with the exception of the web server. From the web server only SQL*Net traffic is allowed. All other services between the web server and Navicure’s internal network have been disabled.
  • All application web page requests, uploads and downloads require an SSL secured connection with 128-bit cipher strength.
  • To connect to the application, the system requires a username/password/company logon combination for access.
  • Each user is assigned their own logon combination.
  • All failed attempts to connect to the application are recorded and monitored.
  • As the user navigates through the application, each page visited is recorded.
  • Access to claim data is logged; whether access was to patient sensitive or non-sensitive data is also logged.
  • Customers are assigned a local administrator to manage user access specific to their company. Users can be restricted from application modules, functionality and/or claim data.
  • All claim data is stored under specific customer identifiers preventing unauthorized access of data between clients. Customers do not share patient data.
  • Direct access to the database is restricted to key systems personnel.
  • FTP transfers are conducted in one of three methods for security:
    A) A VPN is setup between both sites to transmit the file
    B) A secure dialup line is established to transmit the file
    C) The file is encrypted before being transmitted
  • All modifications made to the data are stored in the database as revisions. Revisions contain the user that modified the data and the date/time the modification was made.
  • All inbound and outbound transmissions of data are recorded. That data includes who transmitted the data, what data was transmitted, and when the transmission occurred.
  • A full database backup is made once a week and delivered offsite to a secure storage facility in case disaster recovery is needed.
    A) An online backup is done every night for data recoverability.
    B) A data export is done daily for data recoverability.
    C) Archive logs are maintained to allow point-in-time recovery.
    D) Claim data is available online for 2 years.
    E) Claim data is stored for 7 years.

Compliance with HIPAA Privacy Rules
The Privacy Rule sets standards for how protected health information should be controlled by setting forth what uses and disclosures are authorized or required and what rights patients have with respect to their health information.

Navicure's HIPAA Notice of Privacy Practices explains how Navicure uses and discloses protected health information in its business.

Navicure reminds its users of the responsibility to safeguard the protected health information by displaying a “Privacy Notice” each time the customer logs into the application which the user must acknowledge to gain access to the application.