Skip To Content


Change Healthcare Cyber Response

Change Healthcare is experiencing a cyber security issue. Learn more about the UnitedHealth Group response to the issue, including information on the Temporary Funding Assistance Program and options to submit claims. Learn More

Security Notice

We understand that the security of individuals' personal and health information is important. Our continued success as a leading health and well being organization relies on our ability to maintain a robust security program consistent with the ethics of privacy and confidentiality in health care delivery.

We strive to adhere to the highest standards of decency, fairness and integrity in our operations. On the Internet, we take a number of measures to authenticate your identity when you access our services. We also take steps to protect sensitive information as it traverses the Internet to and from your desktop. We take steps to make sure all sensitive information is as secure as possible against unauthorized access and use. We also review our security measures periodically. Despite our best efforts, and the best efforts of other firms, "perfect security" does not exist on the Internet, or anywhere else.

Authentication

We use different pieces of information, collectively known as access codes, to properly identify and authenticate you before allowing you secure access to sensitive information. The first piece of information is a User ID that is created from information you provided Optum in your clinician application. Along with that UserId you will receive a temporary password. Once you logged in the first time, you will be prompted to generate the final piece of information: your personal password. For further security, we store your User ID and password on an encrypted database that is isolated from the Internet and we will require you to change your personal password on a periodic basis.

Data Traversing the Internet

Our Web site uses the highest levels of Internet security. We require the use of a secure browser and use its features such as data encryption, Secure Sockets Layer (SSL) protocol, user names, passwords and other tools. The system encrypts the login information and personal information that flows back and forth between you and us.

Encryption is the process of scrambling the information so that it can only be reassembled by the intended recipient. Another person attempting to read the communication will not be able to decipher the information. We use 128 bits for this encryption, the dominant standard for the health and the financial industry, making it virtually impossible for anyone else to read it. You can tell when you are on a secure page by looking at the URL (location or address field in the browser). If it begins with "https://" rather than "http://", the page is secure.

It is not our practice to include any protected health information (PHI) in standard e-mails that we may send to you over the Internet. Likewise, you should not send standard e-mails to Optum that contain member PHI. To respond to you regarding personal or sensitive matters, we may call you or send you an unencrypted e-mail with a response that does not contain member PHI. While this is not always convenient, it is done to protect sensitive information.

Logout and our Timeout Feature

We make use of a secure login and typically advise you to log out of our Web site as soon as you are finished with your access.

We also use a timeout feature to protect you further. After an extended period of inactivity at our Web site, we will log you out automatically.

Data Within our Walls

The personal information our Web site collects is stored in secure operating environments that are not available to the general public. We employ mechanisms to protect data within our organization. Multiple firewalls protect our computer systems and information contained within those systems. Firewalls are filters or selective barriers that block access and allow only authorized traffic through. We often use layers of firewalls, so even if one firewall is breached, another layer of protection would exist.

We also use system and application logs to track all access. We review these logs periodically and investigate any anomalies or discrepancies.

Within our organization, we base access to third-party member information on the sensitivity of the information and our employees' need-to-know. We authorize employees and representatives to use available sensitive member information for authorized business purposes only. Each employee receives a code of conduct that details our requirement for our employees when using this information. Any violation may result in disciplinary action up to and including termination.

Additional Security Suggestions For You

Although your own security program is, must and should remain your own responsibility, we offer the following suggestions:

  • Eliminate cached (i.e.temporarily saved) pages before leaving a shared or public computer, at a library or an Internet cafe.We recommend that you close the browser you were using before leaving the computer.
  • Protect and never share your access codes with those who do not have a right to use them. Do not be duped by malicious e-mails asking for your password. This is a well-known ploy designed to trick you into sharing your password.
  • Always complete an online session and log out when finished. Be sure to do so before leaving your computer. It is quick and easy and may save your account from unwanted trespassers.
  • Make sure that you are using an up-to-date version of Internet software (such as Netscape Navigator or Microsoft Internet Explorer). Versions that are more recent often have enhanced security protection.
  • If using a browser such as Internet Explorer 5.0 or greater, turn off the AutoComplete feature. This feature remembers member User IDs and passwords, as well as other information you type into web pages that contain forms. When the browser encounters this form again, it will prefill the form with your answers from the last time you accessed the site. This feature could let other users of your computer log in as you.
  • If using Internet Explorer 5.0 or greater, set your temporary browser file setting to refresh your web pages once every browser session. Change this setting prior to logging in, then close and restart your browser.
  • We take the security of individual's personal and health information seriously. We know you do too. As you delegate access to this site to other personnel in your organization, please follow the guidelines listed below:
    • Allow access only to personnel who have a legitimate business need to use secured portions of Provider Express.
    • Monitor on a regular basis who within your organization has access to Provider Express.
    • Advise all users they are bound by the terms of the Web site Use Agreement.
© 2024 Optum. All rights reserved.

Privacy | Terms of Use

Note: Adobe Acrobat Reader is required to view and print PDFs