In pursuing our mission to facilitate the delivery of better hearing to the world, Sycle and its affiliated companies (“we,” “our,” “us”) may collect, use and disclose Personal Information about Sycle customers and users of Sycle services. This privacy policy explains what Personal Information Sycle collects, uses, and discloses about Sycle customers and users of Sycle services, and our purposes for doing so. It also explains how we endeavor to protect this information, what rights you have and how to contact us if you have any questions or concerns. By engaging with Sycle, you agree to be bound by this policy and by our website Terms of Use. For the purposes of this privacy policy, “Personal Information” and “personal data” have the same meaning.
In pursuing our mission to facilitate the delivery of better hearing to the world, Sycle and its affiliated companies (“we,” “our,” “us”) may collect, use and disclose Personal Information about Sycle customers and users of Sycle services. This privacy policy explains what Personal Information Sycle collects, uses, and discloses about Sycle customers and users of Sycle services, and our purposes for doing so. It also explains how we endeavor to protect this information, what rights you have and how to contact us if you have any questions or concerns. By engaging with Sycle, you agree to be bound by this policy and by our website Terms of Use. For the purposes of this privacy policy, “Personal Information” and “personal data” have the same meaning.
Our processing of data on behalf of our healthcare provider customers is governed by the agreements we enter into with our customers, which may include Business Associate Agreements as applicable and required under the Health Insurance Portability and Accountability Act (“HIPAA”). Your healthcare provider may also have its own privacy practices and/or policies that govern its collection and use of your data. We are not responsible for how your healthcare provider treats your information, and we recommend you review their privacy policies.
If you are unable to access this privacy policy due to a disability, please contact us at privacy@sycle.net and we will provide you with it in an alternative format.
This Privacy Policy outlines general privacy policies applicable across jurisdictions including Canada, the United States, the European Union, Iceland, Liechtenstein, Norway, the United Kingdom, and Australia. If you are a customer or patient in one of the following jurisdictions, please see the applicable supplemental information:
Personal Information Provided by You
We collect Personal Information when you engage with us, including through use of our website, through communications with us, and through use of our Audiology Office Management Systems (“Service”). The Personal Information we collect may include your name, contact details including email address and phone number, company information, financial information, and other information you choose to provide.
Personal Information Automatically Collected
When you access or use our website, communicate with us, or use our Service, Personal Information may automatically be collected using browser navigation tools such as cookies, pixels, and other similar technologies. Information collected may include IP address, browser version, device, date and time of visit, location, website features viewed, operating system, and any errors encountered.
Personal Information Input by Our Customers
Our healthcare provider customers may provide us with Personal Information of their employees for purposes of provisioning access to the Service. Our customers may also input patient information into the System.
Personal Information Received from Third Parties
We may receive Personal Information from third parties including customer lead generation vendors.
We use Personal Information for the following reasons:
We may combine or aggregate any Personal Information we collect for any of the above purposes. We may also anonymize your Personal Information in such a way that you may not be re-identified by us or any other organization. We may use such anonymized information for any lawful purpose.
We disclose Personal Information as described below:
Cookies are small files that your internet browser stores to help websites keep track of information between visits. Our websites use cookies to help us:
As an example, when you visit our websites, cookies help us identify what you search for, what content you visit, and how frequently you return. Although the information we collect via cookies does not directly identify you, once you register on our websites, we may associate your prior and future activity on our websites and apps with the contact details you have provided.
Some of the cookies used by our websites are set by us, and some are set by third parties on our behalf. Our use of cookies from third parties enables interest-based advertising that may cause you to be shown advertisements from Sycle on other websites that you visit.
We use cookies associated with Google Analytics, Microsoft Corporation, and HubSpot, Inc. to obtain statistical data about the use of our websites and apps, and Google Adsense and Google DoubleClick for managing and placing advertisements (together “Google Services”). Google Services allow your usage to be correlated across multiples devices, such as across your mobile phone and desktop computer. Click here to learn more about Google Analytics or prevent it from collecting information about your visit to our websites or visit http://myaccount.google.com to control your advertising experience across Google Services.
If you do not want cookies set, you can configure your internet browser to reject certain cookies. Doing so may prevent certain features of our websites from working as intended. To learn more about cookies and similar technologies, visit http://allaboutcookies.org. You can also output of interest-based advertising via industry-operated websites by visiting http://www.networkadvertising.org/choices, http://www.aboutads.info/choices, and http://www.youronlinechoices.com (for European residents).
Social Media Plug-ins
In addition to cookies, we have also implemented social media plug-ins from social networks including Facebook, Instagram, LinkedIn, YouTube, and Twitter so that you can share things from our websites with your online friends and connections. With every visit to our sites which include a plug-in, your browser will connect to the social network servers. If you are logged in to the social network services while you are visiting our websites, they may associate your browsing on our website with your respective user account.
For more information, see our Cookie Policy.
Sycle is headquartered in Lone Tree, Colorado, but has key facilities and personnel in Canada and elsewhere in the United States. You acknowledge that your Personal Information may be transferred to, processed, and stored anywhere Sycle, the Cochlear Group, or their respective service providers operate except as may be restricted by law. Where we transfer or store your Personal Information in a foreign country, we will take reasonable steps to ensure that your Personal Information is protected at the same level as your applicable jurisdiction requires.
To the extent that Personal Information is collected from EEA or UK residents, we may transfer your Personal Information outside the EEA or the UK where the transfer is:
You may contact us for additional information on data transfers outside of the UK or the EEA.
Unless otherwise agreed to in writing, or as required by law, Sycle will retain Personal Information in an identifiable form for as long as it is necessary to fulfill the purpose for which it was originally collected. When the retention period ends, we will either delete the information or anonymize it so that it is no longer associated with you. For more information, please see our Customer and Patient Retention Policy.
Sycle has implemented reasonable security arrangements including appropriate administrative, technical and organizational measures to help protect Personal Information from misuse, loss, and unauthorized access or disclosure. Our security measures include appropriate access control, encryption (where appropriate), and regular security assessments. For more information see our Security Policy.
Certain jurisdictions provide individuals with certain rights to their Personal Information. These rights generally include the right to access, the right to portability, the right to correct, the right to delete, and the right to opt out of certain processing.
If you wish to make an individual rights request with us, please contact us via one of the methods listed in your applicable jurisdictional supplemental policy. To help protect your privacy and security, we will take reasonable steps to verify your identity before providing you with access to your details or before enabling you to correct, amend, or delete records. Certain jurisdictions allow individuals to make a request on behalf of someone else. In such cases we will take reasonable steps to verify the requestor’s identity and to verify their ability to make a request on your behalf before complying with any request.
You can always unsubscribe from promotional communications either via the unsubscribe links within the communications or by contacting us via one of the methods described at the end of this Privacy Policy.
If you are a patient and would like to make a request regarding to your Personal Information, please contact your clinic directly. If you are a customer, please contact your account administrator, contact Sycle Support at support@sycle.net, or see your jurisdiction-specific supplement to submit a request.
Please note that we are not responsible for the privacy practices of third parties. If you choose to engage with a third party, for example if you choose to click a link through our website, it is your responsibility to understand the privacy policy of that third party and we take not responsibility for any third party.
Our Service is designed to retain patient data, which may include patient data on minors 13 years of age or under. Aside from the clinical use of our Service, we do not knowingly or intentionally target children 13 years of age or younger, nor do we intentionally collect or maintain data about anyone under the age of 13.
Should you wish to contact Sycle or if you have any questions or concerns about this Privacy Policy or how we handle your Personal Information, please email privacy@sycle.net or write to us at:
Sycle
Attn: Privacy Officer
10350 Park Meadows Drive
Lone Tree, CO 80124
USA
If you are a patient and have questions related to the Personal Information Sycle handles on behalf of clinics or other hearing professionals, please direct your question to the specific clinic or professional.
We may update this policy from time-to-time at our own discretion. When we make a change, we will post our updated privacy policy to our website with a new “last updated” date. We encourage you to review this policy regularly to be aware of any changes.
Last Updated: July 14, 2023
This supplement applies only to information collected, used and disclosed about individuals residing in Australia, and supplements the information contained in the Sycle Privacy Policy. It provides information required in accordance with the Australia Privacy Act.
Rights of Data Subjects under Australian Law
Under certain circumstances, you have rights under data protection laws in relation to your Personal Information. If you wish to exercise any of the rights set out below you may contact us in writing.
The Australia Privacy Act offers individuals the rights to:
In addition, where we rely on consent to process your Personal Information, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
In the ordinary course, you will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). If an exceptional circumstance applies, we will notify you and provide you with an opportunity to respond.
We respond to all legitimate requests within one month. Occasionally it may take us longer than a month to fully respond to your request, and in this case, we may extend the timeframe, but we will notify you and keep you updated if this is the case.
Should you wish to make an individual right request, you may email privacy@sycle.net, or write to us at:
Sycle
Attn: Privacy Officer
10350 Park Meadows Drive
Lone Tree, CO 80124
USA
Last Updated: July 14, 2023
This supplement applies only to information collected, used and disclosed about individuals residing in Canada, and supplements the information contained in the Sycle Privacy Policy. It provides information required in accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”), Alberta’s Personal Information Protection Act, British Columbia’s Personal Information Protection Act, and Quebec’s Act Respecting the Protection of Personal Information in the Private Sector.
Rights of Data Subjects under Canadian Law
Under certain circumstances, you have rights under data protection laws in relation to your Personal Information. If you wish to exercise any of the rights set out below you may contact us in writing.
PIPEDA and the other Provincial laws referenced above offer individuals the rights to:
In addition, where we rely on consent to process your Personal Information, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
In the ordinary course, you will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). If an exceptional circumstance applies, we will notify you and provide you with an opportunity to respond.
We respond to all legitimate requests within one month. Occasionally it may take us longer than a month to fully respond to your request, and in this case, we may extend the timeframe, but we will notify you and keep you updated if this is the case.
Should you wish to make an individual right request, you may email privacy@sycle.net, or write to us at:
Sycle
Attn: Privacy Officer
10350 Park Meadows Drive
Lone Tree, CO 80124
USA
Last Updated: July 14, 2023
This supplement applies only to information collected, used, and disclosed about individuals residing in the European Union, Iceland, Liechtenstein, or Norway (the “EEA”) or the United Kingdom, and supplements the information contained in the Sycle Privacy Policy. It provides information required in accordance with Article 13 of the European Union General Data Protection Regulation 2016/679 (the “GDPR”) and the UK General Data Protection Regulation.
Sycle has designated the following representative who is responsible for overseeing questions in relation to this Policy:
Attn: Privacy Officer
6 Dashwood Lang Road, Bourne Business Park, Addlestone, KT15 2HJ, United Kingdom
Lawful Bases for Processing
We collect Personal Information about you for a variety of purposes based on the specific legal grounds described in the table below:
Purpose for Collection | Lawful Basis |
---|---|
Delivering information, content, products, or services that you request or purchase |
|
Providing marketing communications about our products and services, or those of third parties, that may be of interest to you |
|
Understanding how you use our products, services, and website in order to improve and further develop our products and services and the content, features, performance, and support available through our website |
|
Providing legal or service-related notices about our products, services, and website |
|
Detecting, preventing, and responding to fraud, intellectual property infringement, violations of our website Terms of Use, violations of law, or other misuse of the website |
|
Protecting our rights or the rights, property, and safety of others |
|
Complying with laws and regulations, judicial and administrative orders, or lawful requests from governmental authorities |
|
Fulfilling our contractual relationship with you, including carrying out our obligations and exercising our rights |
|
We process the Personal Information of visitors to our website, those who communicate with us, and those who use our Service who are located in the EEA or the UK for the purposes set out in the table above together with our legal basis. Where more than one purpose is listed, please contact us if you would like to know the specific legal basis which applies in connection with your specific enquiry. We have provided further information on the legal bases we generally rely on below:
Rights of Data Subjects under GDPR
Under certain circumstances, you have rights under data protection laws in relation to your Personal Information. If you wish to exercise any of the rights set out below, you may contact us verbally or in writing.
The GDPR offers individuals the rights to:
In addition, where we rely on consent to process your Personal Information, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
In the ordinary course, you will not have to pay a fee to access your Personal Information (or to exercise any of the other rights).
We respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we may extend the timeframe by up to two further months but we will notify you and keep you updated if this is the case.
Should you wish to make an individual right request, you may email privacy@sycle.net, call +1-888-881-7925, or write to us at:
Sycle
Attn: Privacy Officer
10350 Park Meadows Drive, Lone Tree, CO 80124, USA
You may also contact our Data Privacy Officer by calling +44 1932 26 3400, or by writing to:
Attn: Privacy Officer
6 Dashwood Lang Road, Bourne Business Park, Addlestone, KT15 2HJ, United Kingdom
If you have any complaints regarding our privacy practices, you have the right to make a complaint with your national data protection authority. However, we would appreciate the opportunity to address any concern you have so please contact us in the first instance. Although we will strive to address any questions or concerns you may have, you also have the right to directly contact your local privacy or data protection regulator.
Last Updated: July 14, 2023
This supplement applies only to information collected, used, and disclosed about individuals residing in California, Colorado, Virginia, Utah, or Connecticut and supplements the information contained in the Sycle Privacy Policy. It provides information required under the California Consumer Privacy Act of 2018 and as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), the Colorado Privacy Act of 2021 (the “CPA”), the Virginia Consumer Data Protection Act of 2021 (the “VCDPA”), the Utah Consumer Privacy Act of 2022 (the “UCPA”), and the Connecticut Data Privacy Act of 2022 (“CDPA”) and any and all regulations arising therefrom.
This supplement describes our practices regarding the collection, use, and disclosure of Personal Information and provides instructions for submitting data subject requests. Some portions of this supplement apply only to consumers of particular states, and we have indicated where those portions are state-specific.
Definitions Specific to this Supplement
Other terms used in this supplement may be defined under the CCPA, CPA, VCDPA, UCPA, or CDPA, and they shall have the meanings described in those statutes. If there are variations between such definitions in different laws, you will be covered by the definition that applies in your state. For example, if you are a Virginia consumer, terms defined in the VCDPA shall apply to you if they are used in this supplement.
Categories of Personal Information and Sensitive Personal Information We Collect & Process
We, and our Vendors, may have collected and processed the following categories of Personal Information about you in the preceding 12 months:
We, and our Vendors, may have collected and processed the following categories of Sensitive Personal Information about you in the preceding 12 months:
Categories of Personal Information and Sensitive Personal Information We Disclose to Vendors & Third Parties
We may disclose the following categories of Personal Information to Vendors and Third Parties:
We may disclose the following categories of Sensitive Personal Information to Vendors and Third Parties:
Disclosure for California Consumers: We have not sold or shared Personal Information about California consumers in the past twelve months. Relatedly, we do not have actual knowledge that we sell or share Personal Information of California consumers under 16 years of age. For purposes of the CPRA, a “sale” is the disclosure of Personal Information to a Third Party for monetary or other valuable consideration, and a “share” is the disclosure of Personal Information to a Third Party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
Disclosure for Colorado Consumers: We do not sell Personal Information to Third Parties or process personal Information for purposes of targeted advertising or Profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer, as the terms “sell,” “process,” “targeted advertising,” and “profiling” are defined in the CPA.
Disclosure for, Virginia, Utah and Connecticut Consumers: We do not sell or share Personal Information to Third Parties or process Personal Information for purposes of targeted advertising, as the terms “sell,” “share,” “process,” and “targeted advertising” are defined in the VCDPA, UCPA and CDPA.
Sources from Which We Collect Personal Information
We collect Personal Information directly from California, Colorado, Virginia, Utah and Connecticut consumers. We also collect Personal Information from our Vendors, customers, website, and social media platforms.
Purposes for Processing Personal Information
We, and our Vendors, collect, process, and disclose the Personal Information (excluding Sensitive Personal Information) described in this supplement to:
We may combine or aggregate any Personal Information we collect for any of the above purposes. We may also anonymize your Personal Information in such a way that you may not be re-identified by us or any other organization. We may use such anonymized information for any lawful purpose.
Purposes for Processing Sensitive Personal Information
We, and our Vendors, collect and process the Sensitive Personal Information described in this supplement only for:
Categories of Entities to Whom We Disclose Personal Information
Retention of Data
We intend to retain each category of Personal Information described above only for as long as necessary to fulfill the purpose for which it was collected, or a related and compatible purpose consistent with the average consumer’s expectation, and to comply with applicable laws and regulations. We consider the following criteria when determining how long to retain Personal Information: why we collected the Personal Information; the nature of the Personal Information; the sensitivity of the Personal Information; our legal obligations related to the Personal Information, and risks associated with retaining the Personal Information.
Individual Data Rights Request
California, Colorado, Virginia, Utah, and Connecticut consumers have certain rights with respect to the collection and use of their Personal Information. Those rights vary by state. As required by the CCPA, we provide detailed information below regarding the data subject rights available to California consumers. Consumers in Colorado, Virginia, Utah, and Connecticut have similar rights and can find more detail by referencing the CPA, VCDPA, UCPA, or CDPA, as applicable.
You have the right to submit requests related to the Personal Information we have collected about you. You may make such a request twice in a 12-month span. Please note, there are circumstances when we may not be able to comply with your request. For example, we may not be able to verify your request, or we may find that providing a full response conflicts with other legal obligations or regulatory requirements. We will notify you if this is the case.
Right to Receive Information on Privacy Practices. You have the right to receive the following information at or before the point of collection:
We have provided such information in this supplement, and you may request further information about our privacy practices by using the contact information provided below.
Right Know and Right to Access. You have the right to request certain information we have collected about you. You have the right to request:
Right to Delete. You have the right to request that we delete certain Personal Information that we have collected.
Right to Correct. You have a right to request that we correct any inaccurate Personal Information we may retain about you.
Right to Non-discrimination. You have a right to exercise the above rights, and we will not discriminate against you for exercising these rights. Please note that a legitimate denial of a request to access, delete, or opt-out is not discriminatory, nor is charging a fee for excessive or repetitive requests.
Instructions to Exercise your Rights
If you would like to make any of the data requests listed above, please call us at 888-881-7925. If you use the telephone number, you will be guided through a process that will allow you to submit a verifiable request, and the level of verification will depend on the request being submitted. You may also submit a request by emailing us at privacy@sycle.net.
You may designate an authorized agent to exercise your rights under the CCPA on your behalf. Such individual must have power of attorney, or be an authorized agent registered with the relevant Secretary of State.
Verification Process
When you submit a request to exercise your data subject rights, we may ask you to provide information that will enable us to verify your identity.
If you designate an authorized agent to exercise your rights on your behalf, we may require that you or the authorized agent do the following:
We may deny a request from an agent purportedly acting on your behalf if we request, and the agent does not submit, proof that he, she, or it has been authorized by you to act on your behalf.
Right to Appeal for California, Virginia, Colorado, and Connecticut Consumers.
You have the right to appeal our decisions about your data subject requests. If you choose to appeal, your request will move from Customer Experience team to our Legal Department for review. If you would like to appeal a decision regarding your data request, please call 888-881-7925, or email privacy@sycle.net. Please state that your request is an “Appeal,” and describe the date and nature of your original request.
Personal Information of Minors
Our online content is not intended for children or minors under the age of sixteen years. Accordingly, we do not knowingly store information from minors under the age of sixteen years, except as required by applicable law. If you believe that a child has submitted Personal Information to us, please contact us at privacy@sycle.net or 888-881-7925 and we will delete the information.
Other Disclosures
California “Shine the Light Request.” California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of Personal Information to other entities for their direct marketing purposes in the preceding calendar year. We do not distribute your Personal Information to other entities for their own direct marketing purposes.
Updates to this Supplement
We reserve the right to amend this supplement at our discretion and at any time. When we make material changes to this supplement, we will notify you by posting an updated supplement on our website and listing the effective date of such updates.
Contacting Sycle
If you have any questions, comments, requests, or concerns related to this supplement or our information practices please contact us by email at privacy@sycle.net, by phone at 888-881-7925, or by mail at
Sycle
Attn: Privacy Officer
10350 Park Meadows Drive
Lone Tree, CO 80124
USA
1. Introduction
Cookie Policy
Our website, https://sycle.com (hereinafter: “the website”) uses cookies and other related technologies (for convenience all technologies are referred to as “cookies”). Cookies are also placed by third parties we have engaged. In the document below we inform you about the use of cookies on our website.
2. What are cookies?
A cookie is a small simple file that is sent along with pages of this website and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit.
3. What are scripts?
A script is a piece of program code that is used to make our website function properly and interactively. This code is executed on our server or on your device.
4. What is a web beacon?
A web beacon (or a pixel tag) is a small, invisible piece of text or image on a website that is used to monitor traffic on a website. In order to do this, various data about you is stored using web beacons.
5. Cookies
5.1 Technical or functional cookies
Some cookies ensure that certain parts of the website work properly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our website. This way, you do not need to repeatedly enter the same information when visiting our website and, for example, the items remain in your shopping cart until you have paid. We may place these cookies without your consent.
5.2 Statistics cookies
We use statistics cookies to optimize the website experience for our users. With these statistics cookies we get insights in the usage of our website. We ask your permission to place statistics cookies.
6. Placed Cookies
7. Consent
Depending on the country from which you access our website, when you visit our website for the first time, we may show you a pop-up with an explanation about cookies and providing you with the ability to accept all cookies, reject all cookies except necessary cookies, or to customize your cookie preferences. If you click to accept all cookies, then you consent to us using all cookies and plug-ins as described in the pop-up and this Cookie Policy. You can make changes to your cookie preferences at any time by making selections below. You can also disable the use of cookies via your browser, but please note that if you disable all cookies, our website may no longer work properly.
8. Enabling/disabling and deleting cookies
You can use your internet browser to automatically or manually delete cookies. You can also specify that certain cookies may not be placed. Another option is to change the settings of your internet browser so that you receive a message each time a cookie is placed. For more information about these options, please refer to the instructions in the Help section of your browser.
Please note that our website may not work properly if all cookies are disabled. If you do delete the cookies in your browser, they will be placed again after your consent when you visit our websites again.
9. Your rights with respect to personal data
You have the certain rights with respect to your personal data. For more information on your rights, please see the Sycle Privacy Policy and any applicable jurisdiction-specific supplement.
To exercise these rights, please contact us. If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to submit a complaint to the supervisory authority (the Data Protection Authority). For more information about submitting a complaint, please see the Sycle Privacy Policy and any applicable jurisdiction-specific supplement.
10. Contact details
Should you wish to make an individual right request, please email privacy@sycle.net, call 1-888-881-7925, or write to us at:
Sycle
Attn: Privacy Officer
10350 Park Meadows Drive, Lone Tree, CO 80124 USA
You may also contact our Data Privacy Officer by calling +44 1932 26 3400, or by writing to:
Attn: Privacy Officer
6 Dashwood Lang Road, Bourne Business Park, Addlestone, KT15 2HJ, United Kingdom
This Cookie Policy was synchronized with cookiedatabase.org on August 30, 2022.
Last Updated: July 14, 2023
Our website has security measures in place to help protect against the loss, misuse, and alteration of the data under our control. When our website is accessed using Microsoft Internet Explorer versions 5.0 or higher, Secure Socket Layer (SSL) technology protects information using server authentication to help ensure that data is safe, secure, and available only to you. Our website is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Finally, our website provides unique usernames and passwords that must be entered each time a customer logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of data.
Security Measures
Security measures include the following:
Physical Security
Our production equipment is collocated at an IBM Data Center that provides:
User Authentication
Users access our website only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.
Application Security: Our comprehensive application security model prevents customers from accessing another customer’s data. This security model is reapplied with every request and enforced for the entire duration of a user session.
Internal Systems Security: Inside of the perimeter firewalls, systems are safeguarded by network high-performance web proxies, access control lists, non-routable IP addressing schemes, and more. Exact details of these features are proprietary.
Database Security: Sycle database servers are not exposed to the internet. All Sycle database servers reside on a separate private network that can only be accessed by the Sycle application. All Sycle administration is through individual, monitored administration logins.
Server Management Security: All data entered into our application by a customer is owned by that customer. Sycle employees do not have direct access to production equipment, except where necessary for system management and administration, monitoring, backups and customer support at the behest of the customer.
Business Continuity and Disaster Recovery: All networking components, SSL accelerators, load balancers, web servers, and application servers are configured in a redundant configuration. All customer data is stored on multiple database servers with full business continuity fail-over. Data is backed up nightly and stored to a secure offsite facility. In the event of catastrophic failure, data can be restored within a maximum of 24 hours.
HIPAA (Health Insurance Portability and Accountability Act of 1996) is a regulation designed to protect confidential healthcare information through improved security standards and federal privacy legislation. It defines requirements for storing patient information before, during, and after electronic transmission. It also identifies compliance guidelines for critical business tasks such as risk analysis, awareness training, audit trail, disaster recovery plans, and information access control and encryption.
The HIPAA regulation has three main components that apply to “covered entities” (a covered entity is any provider of healthcare services that charges the government or insurance for their services):
Standard Transaction Code Sets
Patient Information Privacy
Patient Information Security (both electronic and physical records)
To learn more about HIPAA, please visit:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
"*" indicates required fields