Our Consumer Protection Program was put in place to hold us and all applicable vendors accountable. The program’s key components help ensure the protection of our customers’ private and financial information.
TASC has put the following systems, processes, and people in place to make us a vendor of choice among our customers across the nation.
Card Data Security
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that a secure environment is maintained by all companies that process, store, or transmit credit card information. To that aim, TASC has compiled a comprehensive procedure to ensure that we are in compliance and remain so. Increased encryption within our system, enhanced firewalls, numerous written policies, and new login procedures for online account access have been implemented to meet PCI DSS requirements.
The Red Flags Rule (RFR) requires that certain businesses and organizations develop, document, and implement extensive procedures to protect consumers from identity theft. Any creditor or financial institution that allows covered accounts must implement a program to address the federally mandated Red Flags Rule. Since TASC Plans include claim cards, we are considered a creditor and must comply.
Red Flag procedures at TASC facilitate the following: (1) identification of patterns, practices, or specific activities considered red flags, (2) development of strategies for detecting the red flags, (3) planning responses to the detection of a red flag, and (4) establishing a comprehensive system for evaluating the success of our program and maintaining it in the future.
Fraud, Fees and Funds
The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) Type II audit, established by the American Institute of Certified Public Accountants (AICPA), is not required for privately held companies such as TASC. Nonetheless, TASC successfully completes this audit on a bi-annual basis. A private accounting and auditing firm performed the process control examination, an in-depth, six-month procedural audit of our controls over information technology, privacy, security, and related transactional processes.
In addition, TASC staffs a permanent internal auditor. This auditor oversees all TASC internal controls related to human resources, administrative processes, and technology.
Health Insurance Portability & Accountability Act
The Privacy Rule of the Health Insurance Portability & Accountability Act (HIPAA) provides privacy guidelines for individuals and organizations such as physicians, nursing homes, health insurance companies, and Medicare. The guidelines cover how these entities may use and disclose Protected Health Information (PHI), meaning data that can directly or indirectly reveal a patient’s identity. As a business associate to our Clients, TASC is also responsible for protecting Participants’ PHI.
The HIPAA Security Rule expands on the Privacy Rule and specifically addresses measures to safeguard PHI held in electronic form against disclosure to unauthorized recipients. Besides using encryption software to protect emails, TASC includes an email disclaimer with all electronic messages.
The Gramm-Leach-Bliley (GLB) Act, also known as the Financial Modernization Act of 1999, is a federal law enacted to control the ways in which financial institutions deal with an individual’s private information. The Act consists of three sections. (1) The Financial Privacy Rule regulates the collection and disclosure of private financial information. (2) The Safeguards Rule stipulates that financial institutions must implement security programs to protect private financial information. (3) The pretexting provisions prohibit the practice of pretexting (accessing private information under false pretenses). The Act also requires that financial institutions provide customers with written privacy notices that explain their information-sharing practices. Because TASC holds Participant funds and maintains financially related information (such as bank account and routing numbers for Clients and Participants), we must comply with this Act.
Across the nation, some states have enacted their own laws regarding the security of their residents’ personally identifiable information, further protecting them from identity theft. TASC complies with these individual state regulations as well, where applicable.
Our Confidentially Speaking program guarantees TASC employees, customers, and vendors a means to safely and anonymously communicate with management regarding sensitive information. It is administered by an outside source to ensure confidentiality.
Confidentially Speaking provides employees, customers, and vendors with an anonymous reporting hotline. Individuals are encouraged to promptly report serious problems or concerns, such as the occurrence of unacceptable activity and unethical behavior within our organization. Specific topics include auditing concerns, conflict of interest, falsification of information, theft, fraud, and more. Issues are investigated and escalated as necessary and appropriate. Comments and feedback provided via Confidentially Speaking are taken seriously and may directly affect the success and culture of our organization.
At TASC we know how vital it is that we ensure adequate controls and safeguards are in place, just as they should be for every service organization that hosts or processes data belonging to its customers. We believe our Consumer Protection Program demonstrates our commitment to excellence.