Ensuring Data Security at Basic Payroll
HIPAA Compliance
Each of our administration software vendors offers encrypted and secured web sessions, data storage and data transmission for full protection of personal health information, personally identifiable information and, when applicable, debit card account information.
Our payroll service provider offers bank-level encryption, making it more secure than industry-standard payroll service security.
Our ongoing security and privacy awareness training program provides all our employees with clear and concise instructions for accessing, storing, transmitting and safeguarding PHI.
We have an attorney on retainer to work with us to ensure we are meeting all legal requirements regarding security and privacy.
Our Business Associates Agreement (BAA) reflects the HIPAA changes put into effect through ARRA/HITECH, specifically to state our responsibilities with regard to a PHI breach.
Data Security and Continuity Measures
In addition to supporting encrypted FTP and secure FTP for data exchange, we recently implemented a secure transfer website that allows our clients and business partners to securely submit data to Basic Payroll and allows Basic Payroll to securely send files to our clients and business partners.
A thorough data security assessment of the potential risks and vulnerabilities of our systems is performed annually by a third-party security assessment firm.
We operate full data backup and redundancy and have 100% emergency power generator backup to enable the continuation of critical business functions.
We utilize a secure data destruction program for all paper documents containing personally identifiable information.
To speak with a representative to learn more about our security and your data, contact Basic Payroll today.
Privacy Statement
Basic Payroll is dedicated to protecting the client information we use to provide services. It is Basic Payroll’s responsibility to guard the individually identifiable information and other nonpublic personal or financial information of our clients. This is an overview of our commitment and practices in protecting the privacy and confidentiality of individual information that we collect, maintain, and use while administering services for our clients. For some of our services, Basic Payroll creates, maintains, and transmits protected health information (PHI), as defined by HIPAA, on behalf of our clients. Basic Payroll has put in place additional administrative, physical, technical and procedural safeguards to protect the confidentiality and integrity of PHI as well as all personal information.
Protecting Information
We work to protect your information by using industry-recognized security safeguards along with carefully developed security procedures and practices. We maintain physical, electronic, and procedural safeguards that comply with applicable laws and federal standards. We use both internal and external resources to review our security procedures.
We do not disclose any non-public personal information about our clients or former clients to anyone, except in strict adherence to what is permitted or required by law.
We limit the collection and use of customer information to the minimum we require to deliver superior service to our clients, which includes advising our clients about our products and services and administering our business.
Our employees are trained and required to safeguard your information. We ensure that employees comply with our established privacy policies and procedures, which exist to protect the confidentiality of individual information. Employees will access information only on a business need-to-know basis. We educate our employees on the importance of confidentiality and privacy. Employees who violate our privacy policies will be subject to our disciplinary process.
We do not reveal individual or client information to any external organization unless we have previously informed the customer in a disclosure or an agreement, have been authorized by the client or individual, or are required by law.
Whenever we hire other organizations to provide support services, we will require them to conform to our privacy standards and allow us to audit.
Information Uses
We do not use or share personally identifiable health information for any purpose other than the administration of an individual’s account, as disclosed to the individual when the information is collected or to which the individual consents.
We summarize information about individual clients, and we also combine that information with that of others in a way that does not identify a specific client individually, to understand how our products are used and to deliver products and services.
We may use third parties to provide products and services; these third parties are not allowed to use your information for their own purposes.
We do not sell or rent your personal information to anyone for any purpose.
Information We Collect
We collect financial data such as credit/debit card and bank account information for payment of fees or in conjunction with the administration of our products and services.
We collect benefit information for our products and services, including personal identifiers.
We collect information about your system as it interacts with us such as your IP address and browser information.
We use common Internet technologies, such as cookies and Web beacons, to manage our websites and services, advertising, and e-mail programs.
We may collect user feedback, community discussions, chats, and other interactions, such as surveys.
We may obtain additional information about you, such as demographic information, from commercially available sources.
Your Access and Control Over Information
You may opt out of any future marketing and/or sales contacts from us at any time.
You can do the following at any time by contacting us via the email address or phone number given on our website:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Express any concern you have about our use of your data.
Due to the products and services we provide, your data cannot be deleted, as we need it in order to continue to provide service.
Security
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline. Whenever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
Rights of California Residents
Even though you use our services while acting as an employee or client contact, if you live in California, California law gives you the right to ask if we disclose your personal information to third parties for their direct marketing purposes (we do not disclose your personal information for others’ direct marketing purposes). It also gives you the right to ask if we sell your personal information to third parties (we do not sell your personal information and have not done so in the past), and if we did (which we don’t), you’d have the right to opt out of such sales.
Because HR data is collected by Basic Payroll for the business purpose of administering benefits and services, Basic Payroll is not legally permitted to delete it. CCPA’s data deletion requirement applies only in limited circumstances and does not apply to data that Basic Payroll utilizes for benefit administration and services, which are subject to the Gramm-Leach-Bliley Act and/or the Health Insurance Portability and Accountability Act of 1996. Additionally, the CCPA is preempted by ERISA as the law relates to employer-sponsored benefit plan data not covered by HIPAA.
Updates
Our Privacy Policy may change from time to time and all updates will be posted on this page. Please contact us at 888-920-7707 if you have questions about this privacy policy.