Participants must register to access the secure areas of ONLIFE. Privacy and security are top priorities at ONLIFE. For that reason, ONLIFE has implemented a process that helps protect Protected Health Information (PHI), as that term is defined by the Health Insurance Portability & Accountability Act of 1996 (HIPAA, 45 C.F.R. §§ 160 & 164), contained on our site from inappropriate access. Before a Participant can access web-based services, the Participant must first register to obtain site access.
Participants: Do not send e-mail containing personal information to ONLIFE. ONLIFE cannot secure personal information sent by e-mail because such information can be accessed by other Internet users. If you send ONLIFE a question by e-mail, ONLIFE’s use or disclosure of that information will be limited to the minimum necessary for responding to your question.
Information Collected During Registration
Participants can access our web site to utilize the products and services offered by ONLIFE. Before gaining access to these services, ONLIFE may ask for personal information (such as date of birth, participant identification number, social security number, name, address with zip code, telephone number and e-mail address) to verify appropriate usage. ONLIFE, its employees or affiliates will not have access to the password that you create. If you receive notification by mail and did not register to access the services available on our web site, please contact ONLIFE immediately at support@OnlifeHealth.com.
Statistical Data on Website Usage: ONLIFE continually strives to enhance the features and services that are offered to our web site browsers. In an effort to determine the effectiveness and functionality of our web site, we monitor aggregated data regarding the use of our web site. For instance, we may track the number of visits to a certain page; direct links from other web sites; and frequency of usage for independent services. Although we reserve the right to share this information as indicated above, this statistical data does not contain any personal information that could disclose the user’s identity.
Disclosure of Nonpublic Personal Information, including PHI
We restrict access to nonpublic personal information, including PHI. Information may be shared with entities (i.e. group administrators, vendors) that assist ONLIFE in providing services to our Registered Users. Information is provided to nonaffiliated third parties as required or allowed by federal and state law. ONLIFE maintains physical, electronic, and procedural safeguards that comply with federal regulations to guard nonpublic personal information.
Disclosures to Participants: ONLIFE discloses nonpublic personal information, including PHI, to Participants through the ONLIFE Portal. This information is disclosed directly to the Participant or their designated representative. Information on participants’ HIPAA member rights is available on the website, www.Onlifehealth.com. To ensure that PHI is disclosed to the appropriate Member, ONLIFE has implemented the following safeguards:
Disclosure to Employers: Onlife cannot disclose any member information, including PHI and PII contained in the Health Assessment, or in any of the coaching interactions that are documented within the Onlife Health Coaching platform, directly to the employer. Only aggregate data, based on the entire employee population, can be passed back to the employer.
An example of aggregate data would be the percentage of smokers vs non-smokers, or the percentage of employees that are eligible for an exercise incentive.
Disclosure to Health Benefit Plans: If your wellness benefits are provided through your health insurance plan, Onlife shares your nonpublic personal information, including PHI, with the health insurance plan as necessary for the health insurance plan to administer its health plan. Onlife limits the information to the amount of information reasonably necessary for the health plan to perform its function for the health plan. In addition, the health plan and Onlife have executed a Business Associate Agreement under the Health Insurance Portability and Accountability Act of 1996 that governs the sharing of PHI among the parties.
Disclosure to Third Parties for TPO: Onlife may release information to third parties for treatment, payment and operations (TPO) as allowable under the Health Insurance Portability and Accountability Act (HIPAA).
Disclosure of Aggregate Information: ONLIFE may disclose aggregate information to third parties. This may contain health information; however, it is not associated with a specific individual. For example, we might inform third parties regarding the number of users of our web site and the activities they conduct while on our site. Depending on the circumstances, ONLIFE may or may not charge third parties for this aggregate information. ONLIFE requires parties with whom aggregate information is shared to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases.
Retention of Information Collected
The nonpublic personal information collected and maintained from this web site will be retained for seven (7) years from the date of its creation or the date when it was last in effect, whichever is later.
A “cookie” is a mechanism that permits a web server to send small pieces of information or text through your browser to be stored on your hard drive. This information or text allows the server to identify frequent visitors of individual web sites. ONLIFE may place a cookie on your computer that will allow us to identify users so that we may enhance their experience on our web site. Our cookies are not used to track your activity on any site other than www.OnlifeHealth.com, nor will they be utilized to send unsolicited e-mail or provide us with the User’s personally identifiable information.
Direct Access to Other Sites
ONLIFE takes precautions to protect its Registered Users’ nonpublic personal information. When Registered Users submit sensitive information to ONLIFE, the information is protected both online and off-line. You can tell when secure mode is activated by noting a gold lock or key on your browser’s taskbar, which indicates that you are secured. Our SSL certificate is provided by Comodo (www.comodo.com).
While ONLIFE uses Secure Socket Layer (SSL) encryption to protect sensitive information online, ONLIFE protects User information off-line using data-at-rest encryption. Only employees who need the information to perform their jobs are granted access to personally identifiable information (PII). ONLIFE employees must use password-protected screen-savers when they leave their desks. When they return, they must re-enter their password to regain access to your information. Furthermore, all employees are kept up-to-date on ONLIFE security and privacy practices. Finally, the servers that store personally identifiable information are kept in a secure environment at the Onlife Health Corporate Offices in the United States. All databases are encrypted at rest and the ONLIFE data center is in compliance with federal regulations including HIPAA concerning privacy.
Despite our efforts to protect your nonpublic personal information, including PHI, there is always some risk that an unauthorized third party may illegally gain access to systems or that transmissions of your information over the Internet may be intercepted. If you believe someone has accessed your information without authorization, please contact ONLIFE immediately at support@OnlifeHealth.com.
Opt Out of Registration/Correcting/Updating Personal Information
If the Personally Identifiable Information (PII) of a Registered User of our services changes, ONLIFE will endeavor to provide a way to correct or update that Registered User’s personal data from our registration files. To correct or update personal information, contact Onlife at support@OnlifeHealth.com or call Onlife Participant Services at 877-709-0201.