Distribution: Employees, Vendor Partners and Clients, as applicable

Effective Date: 5/25/2018

Last updated: 5/29/2018

Version 5.1

The security of all WorkCare data, inclusive of client data, is of paramount concern to WorkCare. For purposes of this statement, “client data” includes, but is not limited to, protected health information (PHI) and electronic protected health information (EPHI) as defined by HIPAA as well as personally identifiable information (PII).

The WorkCare Information Security Department ensures that WorkCare meets or exceeds industry best practices with regards to the safe use, storage and transmission of all company data. IT Policies and Procedures are routinely and regularly checked and updated to reflect current industry best practices ensuring compliance with HIPAA, HITRUST, GDPR, NIST, and other Information Technology Security Standards.

We collect personal data only if required to provide our services and/or comply with applicable laws and regulations. To enable us to deliver our services, it is necessary for us to collect, process, and/or use the personal information. As part of delivery of those services, WorkCare may disclose the personal data to its partners to facilitate deliver of its services. These partners are required by contract to hold the data obtained from WorkCare as confidential and private, and securely process the information only for the specified purpose, unless otherwiase authorized by the data subject or applicable laws and regulations.

All data is stored in a SOC 3 Certified, Tier 5 Platinum rated data center located in Las Vegas, NV. Employees access the data virtually via secure and encrypted virtual machine architecture.

Periodic Audits ensure and certify that the policies and procedures that have been implemented are, in fact, working and configured properly. These audits also ensure that new threats have been sufficiently mitigated by the WorkCare IT Department.

Our Data Protection Officer may be contacted by email at dataprotectionofficer@workcare.com. If you are unhappy with the way in which your personal data has been processed, you may in the first instance contact WorkCare’s Data Protection Officer.

For more information regarding your rights under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) refer to https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html.

For more information regarding your rights under the General Data Protection Regulation (GDPR) refer to https://gdpr-info.eu/chapter-3/.

NOTE: We may modify or amend this privacy notice from time to time. To let you know when we make changes to this privacy notice, we will amend the “Last Updated” date at the top of this page. The new modified or amended privacy notice will apply from that updated date. Therefore, we encourage you to periodically review this notice to be informed about how we are protecting your information.