At Delta Dental of Michigan, we take our responsibility to protect and safeguard your information very seriously.
Our strategy to secure personally identifiable information (PII), protected health information (PHI) and other forms of privacy information is multifaceted and includes:
Encrypting our data
Desktops, laptops and servers are encrypted where privacy data is stored; removable media such as thumb drives, CDs and DVDs are strictly limited to approved personnel, and all data written to those devices is encrypted; and backup tapes containing privacy data are encrypted.
Securing our locations
Employees wear radio frequency identification (RFID) security badges to access buildings and interior secured areas on the main campus; and internal and external video cameras are monitored 24/7.
Strictly governing passwords and access
Passwords are changed at regular intervals, and “strong” passwords are required; we review accounts regularly for appropriate access; access is immediately revoked on all employee terminations or separations; and two-factor authentication is in place for all privileged users.
We perform background checks on all employees and contractors prior to being granted access to systems.
Protecting our systems
Anti-virus is installed and updated on all desktops, laptops and servers; internal and external firewalls segregate Internet-facing traffic from internal, and they segregate internal users from direct access to servers; Intrusion Prevention Systems (IPS) are installed at critical “choke points” on the network; egress filtering reduces the threat of command and control malware infections; and email gateways identify and encrypt messages that contain privacy information.
Testing our security
We regularly try to penetrate and exploit our systems to make sure everything is functioning as it should and no weaknesses exist
These safeguards and more comply with guidelines issued by The National Institute of Standards and Technology (NIST) 800-53 Special Publication on Recommended Security Controls for Federal Information Systems and Organizations, the Center for Internet Security (CIS) Benchmarks, and the Department of Defense (DoD) Security Technical Implementation Guides (STIG).