Privacy Statement
Thank you for visiting The Phia Group (“TPG”) website and reviewing our privacy and security statement.
TPG’s information systems are the exclusive property of TPG and are used for approved business purposes only. This includes but is not limited to computer equipment; hard drives; printers; peripherals; software and operating systems; telephones; and network and/or internet-related accounts providing electronic mail (“email”), browsing, newsgroup access, social networking access, and/or file-transfer capabilities.
TPG takes its commitment seriously to protect the privacy of information and the security of information systems; protect, and not share, credentials used to access information systems; and safeguard all confidential and protected information, including but not limited to protected health information (PHI), personally identifiable information (PII), proprietary/trade secret information, and competitively sensitive information (CSI).
TPG is committed to maintaining the privacy of your personal information and the security of our computer systems. With respect to the collection, use and disclosure of PII, TPG makes every effort to ensure compliance with applicable federal law, including, but not limited to, the Privacy Act of 1974, the Paperwork Reduction Act of 1995, and the Freedom of Information Act and applicable U.S. state privacy laws. TPG ensures compliance with applicable federal law, including but not limited to, The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), The Americans with Disabilities Act (“ADA”), and The Affordable Care Act (“ACA”).
As a general rule, TPG does not collect personally identifiable information when you visit our site unless you choose to provide such information. The information we collect varies based on what you do when visiting our site.
Children’s Privacy
Our Services and our website are not intended for use by individuals under the age of eighteen (18). We do not knowingly solicit or collect any information, including PII or PHI, from anyone under the age of 18.
Security
Our Services have security measures in place to help protect against the loss, misuse, and alteration of the data under our control. When our site is accessed SSL technology protects information using both server authentication and data encryption to help ensure that data is safe, secure, and available only to you. TPG also implements an advanced security method based on dynamic data and encoded session identifications, and hosts the site in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.
HITRUST Certification
HITRUST CSF Certified status demonstrates that The Phia System™ has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places The Phia Group, LLC in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
ISO 27001:2013 Certification
ISO 27001:2013 is the international standard that provides a framework for Information Security Management Systems (ISMS) to provide continued confidentiality, integrity and availability of information as well as legal compliance. ISO 27001 certification is essential for protecting our most vital assets like employee and client information, brand image and other private information. The ISO standard includes a process-based approach to initiating, implementing, operating and maintaining our ISMS.
SOC 1 Type II
A SOC 1 audit, or System and Organization Control 1 engagement, is an audit of internal controls at a service organization that may affect our clients’ internal control over financial reporting (ICFR). A SOC 1 audit report provides user entities with reasonable assurance and the peace of mind that the controls at a service organization are operating effectively and appropriately protecting client data. The SOC 1 Type II reports on the description of controls provided by management of the service organization, attests that the controls are suitably designed and implemented, and attests to the operating effectiveness of the controls.
If you respond to an online request for personal information, the information requested will be used to respond to your inquiry or to provide you with the service associated with the request. If you choose to submit PHI and/or other PII via the TPG website, and/or tools accessible via the website, this information will be protected in accordance with applicable law and, except as we explicitly state at the time we request said information, we do not disclose to third parties or otherwise misuse the information provided.
If you visit our site to read or download information, we collect and store the following information:
- The name of the domain from which you access the internet.
- The date and time you access our site.
- The internet address of the website from which you directly linked to our site.
This information is used by software programs on our website to collect summary statistics that allow us to assess the number of visitors to the different sections of our site, identify what information is of most and least interest, determine technical design specifications, monitor system performance, and help us make our site more useful to visitors.
If you identify yourself by sending an email or submit a form containing personal information (an electronic message), this information is used solely to achieve the purpose for which you submitted said information.
If you link to other sites outside The Phia Group; our website may feature links to other sites. When you link to any of these sites, you are no longer on our site and are subject to the privacy policy of the new site.
Website Security
Do not submit any PHI, including information regarding past, present, or future medical services, the date or type of services provided, or payment for such services that identifies, or may be used to identify, you or another individual or any other type of confidential information through our website. If you have questions regarding a communication you received from TPG, please contact our Customer Service Representatives toll-free at 888-986-0080.
Social Media and Third Party Sites
In addition to the TPG official website, TPG uses social media and third-party sites to provide content in a different format that may be useful or interesting to you. Please note, however, that TPG maintains no control over, and thus cannot be held liable for, content or any exchange of information arising from the use of said sites.
Google Analytics
TPG uses Google Analytics and, if you are logged in, may also use its User ID function to track the pages of the Application you open. TPG only compiles and analyzes this collected data, and does not provide Google with your personal information.
Third-Party Sites
The Services may contain links to other websites. TPG is not responsible for the privacy practices or the content of these other websites. Customers and visitors will need to check the policy statement of these others websites to understand their policies. Customers and visitors who access a linked site may be disclosing their private information. It is the responsibility of the user to keep such information private and confidential.
Cookie Use Notice
Cookies are small files that web servers place on a user's hard drive. They can serve several functions, depending upon how they are designed:
- They allow the website to identify you as a visitor each time you access a site;
- They track what information you view at a site (important to commercial sites trying to determine your buying preferences);
- In the more advanced cases they track your movements through many websites but not the whole web;
- Businesses use them for customer convenience to allow them to produce a list of items to buy and pay for them all at one time and to garner information about what individuals are buying at their sites;
- Advertisers use them to determine the effectiveness of their marketing and offer insights into consumer preferences and tastes by collecting data from many websites; and,
- They can be used to help a website tailor screens for each customer's preference.
Some TPG pages have "session cookies" to facilitate use of that particular page. These disappear when the web user terminates a web session and closes the browser. TPG also permits the use of persistent cookies for the collection of web metrics; however, TPG does not collect any personally identifiable information about visitors to our webpages in this fashion.
In addition to TPG’s use of cookies, we use a third party that uses cookies on our website for purposes that may include the following:
- Identify visitors to our website and allow us to fulfill requests or offer goods or services to those visitors,
- Helps our website work more efficiently,
- Store information about the preferences of website visitors,
- Customize content offered by our website; and
- Protect our website from malicious activity.
Here is a list of the cookies that may be used by the third party on our website:
| Cookie Name | Expiration |
|---|---|
| rbSession | 1 day |
| mcfxNumberSwap | 2 years |
| fx_referrer | 1 week |
| fx_count | 2 years |
| mcfxVSID | 10 minutes |
| gclid | 1 week |
| fx_uuid | 2 years |
| fx_count | 2 years |
| utm_source | 1 day |
| utm_medium | 1 day |
| utm_segment | 1 day |
| utm_campaign | 1 day |
| fx_document_title | session |
| mcfxUTM | 1 day |
| mcfxCookiesVersion | 2 years |
| _fx | 10 years |
| fx_info | 1 week |
If you are concerned about the potential use of the information gathered from your computer by cookies, you can set your browser to prompt you before it accepts a cookie. Most internet browsers have settings that let you identify and/or reject cookies.
For security purposes and to ensure that this service remains available to all users, our website also employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.
Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and The National Information Infrastructure Protection Act of 1996.
Additional Information
Questions regarding this Statement or the practices of the Services should be directed to TPG’s Security Administrator by emailing such questions to InfoSecCommittee@phiagroup.com.