Last updated: July 26, 2018
EMSI maintains security policies and practices in its facilities and systems to protect appropriate information from unauthorized access and inappropriate disclosure, alteration or destruction. Security may include, but is not limited to, encryption, physical access security and other appropriate technologies. EMSI continually reviews and enhances security systems as necessary. Personnel failure to hold in confidence private information is subject to disciplinary process. Personnel are required to execute an acknowledgement of their receipt and understanding of EMSI's policies and procedures containing confidentiality obligations, to which they are subject. EMSI does not provide private information to the general public. EMSI does not compile or distribute mailing lists or consumer marketing data from information received from clients. EMSI does not modify or correct information obtained from other persons or organizations, since such information is not prepared by EMSI.
EMSI makes use of both session and persistent cookies on websites it owns and operates directly or operates indirectly through a third party partner. Cookies are small pieces of data that are stored by the user’s Web browser on the user’s hard drive. Cookies are utilized by websites to enhance a user’s experience and remember information such as user name, language, viewing preferences, shortcut navigation and other user preferences. On some websites under EMSI’s direct or indirect control, user’s browsing and/or buying habits are also tracked and stored in a cookie, however, at no point in time will any user medical or health information be stored in cookie data.
Server and Application Logging
EMSI Web Servers automatically collect Internet Protocol (IP) addresses which are used solely for reporting demographic information, number of visits, and in communications troubleshooting. Authentication credentials are also recorded to comply with auditing requirements and assist in investigation of customer-initiated service requests. As EMSI upgrades, enhances, modifies or maintains its systems, services and procedures, modifications may be made to this policy.
Obtaining and Sharing Information
EMSI respects the privacy of individuals while obtaining information for legitimate businesses that can demonstrate an appropriate need for the information. EMSI obtains information ordered by its clients using sources identified by clients - either the subject individual or a reputable source. EMSI obtains and discloses such information pursuant to appropriate written authorizations to gather information for, and disclose it to, its clients for the purposes of their underwriting and servicing of insurance policies, and for their other legitimate purposes authorized by law. EMSI handles such information in accordance with its clients' directions, the written authorizations, EMSI's contracts with clients, and applicable law. EMSI does not share information it obtained for a client with its other clients, unless the subject's authorization permits such.
Kinds of Information
EMSI is authorized by clients to act as their representatives in obtaining information on individuals regarding the following:
- Health history
- Medical information
- Family history
- Lifestyle character
- General reputation
- Habits, use of alcohol and other drugs
- Driving records
- Marital status
- Death records
- Civil and criminal court records
- Past and present employment and job duties
- Other insurance coverage
- Participation in hazardous hobbies or activities
Sources of such information may include various governmental agencies, medical facilities, independent consumer reporting agencies or other information exchange organizations or individuals provided for personal and business references.
EMSI does not use the information it obtains on behalf of its clients. Therefore, if a subject of information desires to opt out of having the information used for any purpose, the subject should address this option with EMSI's client when the subject provides the authorization to release information to EMSI's client. However, when EMSI makes a direct inquiry of the subject of the information, there is an opportunity presented for the subject to opt out of providing the information. In these instances, the subject need only decline to provide the requested material. In all other instances, EMSI only gathers and discloses the information pursuant to the subject's written authorization obtained by EMSI's clients.
Notice to all Users
Systems are restricted solely to authorized EMSI users and may be monitored for administrative and security reasons. All users expressly consent to such monitoring. Any use of the system must be in compliance with all EMSI policies and applicable laws. Unauthorized users or any unauthorized use will subject the user to criminal and civil penalties under applicable law.