Navicure is very sensitive to privacy issues. We respect your right to
privacy and feel it is important for you to know how we handle the information
we receive from you via the Internet. Additionally, our online and offline
business practices are in full compliance with the privacy requirements
under the Health Insurance Portability and Accountability Act (HIPAA).
We have taken precautionary measures to make all information received
from our online visitors as secure as possible against unauthorized access
and use.
It may be necessary for us to provide your information to
contracted external partners in order to provide you with Navicure services.
They may only use the information provided for the specified use and project
and are strictly prohibited from unauthorized distribution and release.
Navicure may also use your information to investigate or
prevent activity that is either potentially unlawful or that threatens
our network or violates our customer agreement, or to respond to a subpoena
or other legal process.
This Privacy Policy does not apply to information that you provide to
third parties to which you link from our site. Please review each website's
privacy policy before using the site or providing your information. Navicure
reserves the right to update this Privacy Policy at any time. Your continued
use of the website will constitute acceptance of this Privacy Policy.
Navicure uses "cookie" technology to obtain usage information
from our online visitors. You may disable your cookie information by adjusting
your browser preferences on your personal computer at any time. Keep in
mind that cookies do not identify a specific user and are not used to
collect any personal information. In order to provide the best possible
service and relevant information to you, we use cookies to:
- Track resources and data accessed on the site per visitor
- Record general site statistics and activity
- Assist users experiencing Web site problems
We have appropriate security measures in place in our
physical facilities to protect against the loss, misuse or alteration
of information that we have collected from you at our site.
General Email Communications
The email functionality on our site, unless otherwise noted, does provide
a completely secure and confidential means of communication. Only communication
through the Navicure Secure web site provides a secure and private means
for sending email to Navicure, and Navicure does not guarantee or warrant
that email transmitted through other means is secure or confidential during
transit.
Practices submit claims through a secure, HTTPS, 128-bit encrypted Web
interface. Navicure is committed to providing HIPAA/ANSI standards solutions
to providers. As such, data is stored in a data schema designed entirely
around the ANSI HIPAA standards in an Oracle relational database. Using
a relational database allows rapid development and deployment of modifications
or enhancements to the application and related transaction formats, edits,
etc.
The Navicure system was designed to support all of the HIPAA/ANSI
standard transaction sets. The 837P, 835, 997, and 277 transaction sets
are currently in production. The 837I, 837D, 270, 276 and 278 transactions
will be added as the payer community expands support for them.
These additional HIPAA transactions can be easily added
using Navicure's Oracle relational data store,
and since Navicure's customer interface is a secure Web connection, no
new software will be needed to enable customers to access these new transactions.
The Security Standards define administrative, physical, and technical
safeguards necessary to protect the confidentiality, integrity, and availability
of electronic protected health information from unauthorized access, alteration,
deletion, and transmission. As such, Navicure has implemented the following
policies:
- All access from the Internet to the database server
is restricted with the exception of the web server. From the web server
only SQL*Net traffic is allowed. All other services between the web
server and Navicure’s internal network have been disabled.
- All application web page requests, uploads and downloads
require an SSL secured connection with 128-bit cipher strength.
- To connect to the application, the system requires a
username/password/company logon combination for access.
- Each user is assigned their own logon combination.
- All failed attempts to connect to the application are
recorded and monitored.
- As the user navigates through the application, each page
visited is recorded.
- Access to claim data is logged; whether access was to
patient sensitive or non-sensitive data is also logged.
- Customers are assigned a local administrator to manage
user access specific to their company. Users can be restricted from
application modules, functionality and/or claim data.
- All claim data is stored under specific customer identifiers
preventing unauthorized access of data between clients. Customers do
not share patient data.
- Direct access to the database is restricted to key systems
personnel.
- FTP transfers are conducted using one of three methods for
security:
A) A VPN is set up between both sites to transmit the file
B) A secure dialup line is established to transmit the file
C) The file is encrypted before being transmitted
- All modifications made to the data are stored in the
database as revisions. Revisions contain the user that modified the
data and the date/time the modification was made.
- All inbound and outbound transmissions of data are recorded.
That data includes who transmitted the data, what data was transmitted,
and when the transmission occurred.
- A full database backup is made once a week and delivered
offsite to a secure storage facility in case disaster recovery is needed.
A) An online backup is done every night for data recoverability.
B) A data export is done daily for data recoverability.
C) Archive logs are maintained to allow point-in-time recovery.
D) Claim data is available online for 2 years.
E) Claim data is stored for 7 years.
The Privacy Rule sets standards for how protected health
information should be controlled by setting forth what uses and disclosures
are authorized or required and what rights patients have with respect
to their health information.
Navicure's HIPAA
Notice of Privacy Practices explains how Navicure uses and discloses
protected health information in its business.
Navicure reminds its users of the responsibility to
safeguard the protected health information by displaying a “Privacy
Notice” each time the customer logs into the application, which the
user must acknowledge to gain access to the application.