AccessLine Protection of Customers Personal Information Summary

AccessLine Protection of Customers Personal Information (CPI) Summary
AccessLine places the highest priority on protecting Customer Personal Information. AccessLine has developed and maintains a set of processes and procedures to secure and control customer’s personal information (CPI) which includes:
● Subscriber name
● All credit card information (number, expiration date and billing address)
● Address
● Phone number
● Email address
● IP address
● Call history
● Fax and voicemail

NOTE: It is AccessLine’s policy to NOT collect or have access to customers’ social security number, driver license number or other information not listed above.

AccessLine’s controls have been designed to comply with Federal, State and Industry regulations. These regulations include (but are not limited to):
● Sarbanes-Oxley IT,
● Payment Card Industry (PCI) Data Security Standard,
● FCC Customers Proprietary network Information (CPNI),
● Massachusetts Regulation 201 CMR 17.00 (Personal Information Data Security)

Regarding HIPAA (Health Insurance Portability and Accountability Act) requirements, AccessLine is not a “Covered Entity” or “Business Associate” as defined by the HIPAA regulations; therefore HIPAA requirements do not apply to AccessLine’s network. AccessLine simply provides a connection for you to transfer voice and data communications. It is your responsibility, however, to ensure that the applications used and the methods in which you transfer information over AccessLine’s connection are done in compliance with the HIPAA requirements. If you use AccessLine’s fax or voicemail service, you could & should incorporate their service into your privacy and security plan for HIPAA and be compliant. AccessLine simply provides a service or tool that can be used (securely) to meet Personal Information Security Regulations like Massachusetts Regulation 201 CMR 17.00 or HIPAA.

AccessLine’s processes to secure and control their customers’ personal information include the following:
● Documented employee policy that clearly identifies illegal use of CPI is a crime and cause for termination.
● Limiting access of CPI to small set of authorized employees.
● All access to CPI information requires login and password authorization.
● Review of all employees who have CPI access on a monthly basis.
● No storing of CPI in unsecure system, including but not limited to e-mail, web server logs, paper or notepads and unsecure computers or laptops.
● CPI information is never allowed to leave the facilities, except via secure courier to offsite storage.
● All CPI information is located on secure network server that is isolated from public network.
● Standard network architecture and security is employed to prevent access to internal network, including but not limited to firewalls, DMZ and security patch maintenance.
● Quarterly audit of network security by third party (PCI authorized) vendor.
● Transmitting of CPI to third party vendors is via secure private network.

AccessLine’s commitment to Customer Personal Information security is one of their highest priorities.

http://www.accessline.com

Comments are closed.