Information Technology, Security & Privacy

The backbone of our company.

Quote Icon

Technology is constantly changing and impacting the way we live and work. WorkCare strives to be at the forefront of the ever-changing workplace and responsive to our customers’ needs. As we become even more dependent on technology, WorkCare will continue to make smart investments in information management and security systems to foster our culture of partnership to introduce new capabilities.

WorkCare takes pride in providing employers with innovative platforms, sustainable processes and security measures to protect the employees who are so important to us all.  As Chief Information and Technology Officer, I recognize the prominent role that technology is playing to shape the products and services that we offer. WorkCare’s information technology team keeps WorkCare a step ahead of the market by making our systems simple to use and providing a transparent window into our operations. Our commitment to WorkCare’s mission, vision and values is unwavering.

- Fred Peguero, Chief Information & Technology Officer (named one of the nation's top 25 CTOs by The Healthcare Technology Report in 2022)

Our Customer Service Pledge

WorkCare’s dedicated IT team will:

  • Ensure that our information management and communications systems comply with privacy laws and industry standards.
  • Support our comprehensive information security program with administrative and technical safeguards to protect the integrity of customer data.
  • Enable access to customer data via technologically advanced systems using secure and encrypted virtual machine architecture.
  • Conduct periodic audits to evaluate the performance of system configurations and mitigate any potential security threats.
Parallax Image

Privacy & Security

WorkCare meets or exceeds best practices with regard to the safe use, storage and transmission of company and personal health data. In addition to SOC 2 (see below), we comply with privacy and security provisions set forth by the Health Insurance Portability and Accountability Act, General Data Protection Regulation, National Institute of Standards and Technology, Health Information Trust Alliance and other applicable standards and organizations.

Personal Protection

We respect employees’ privacy. We collect personal data only if required to provide our services and/or comply with applicable laws and regulations. WorkCare may disclose information to partners who are contractually obligated to treat these data as confidential and private, and securely process information only for the specified purpose.

Data Storage

All WorkCare data is stored in a SOC 3 Certified, Tier 5 Platinum-rated data center. Access is enabled via secure and encrypted virtual machine architecture.

Audits

Periodic audits are conducted to ensure configurations are working properly and that security threats are sufficiently mitigated by the IT Department.

SOC 2 Security and Availability Assurance

WorkCare has successfully completed a rigorous Systems and Organization Control (SOC 2) examination. The SOC 2 exam process demonstrates compliance with security and availability criteria that apply to customers’ (user entities’) operations, regulatory and financial reporting requirements. An independent CPA firm conducted a systems and control review from May 1-Nov. 30, 2023. The following five SOC 2 criteria set forth by the American Institute of Certified Public Accountants (AICPA) were applied:

  • Security: Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
  • Availability: Information and systems are available for operation and use to meet the entity’s objectives.
  • Processing integrity: System processing is complete, valid, accurate, timely and authorized to meet the entity’s objectives.
  • Confidentiality: Information designated as confidential is protected to meet to meet the entity’s objectives.
  • Privacy: Personal information is collected, used, retain, disclosed, and disposed to meet the entity’s objectives.

As reported by the independent CPA, the SOC 2 examination results provide “reasonable assurance” that WorkCare meets these criteria.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA Privacy Practices Notice

WorkCare administers and may provide health care services to you and your employer. This notice describes how medical information about you may be used and disclosed, and how you can get access to this information.

Business Associate Subcontractor Agreement

This Business Associate Subcontractor Agreement governs the relationship between WorkCare, Inc., and any of its independent contractors who are Subcontractors under terms of the Health Insurance Portability and Accountability Act of 1996.

Health Insurance Portability and Accountability Act in the Workplace

This WorkCare Fact Sheet describes key privacy and security provisions of HIPAA and its association with workers’ compensation and workplace wellness programs.

WorkCare Privacy Practices

WorkCare Privacy Policy

This policy relates to information collected by WorkCare, Inc., through your use of our website and information we may receive from you through other means, including personally identifiable and non-personally identifying information. If you are located in California, please refer to our California Consumer Privacy Act (CPPA) Addendum. If you are located in the European Economic Area or United Kingdom, please refer to our General Data Protection Regulation Addendum (GDPR).

WorkCare Privacy Policy – General Data Protection Regulation Addendum

This General Data Protection Regulation Addendum supplements the WorkCare Privacy Policy. These additional disclosures are required by the General Data Protection Regulation (GDPR) and are intended for individuals located in the European Economic Area or United Kingdom.

Work Care Privacy Policy – California Consumer Privacy Act Addendum

This California Consumer Privacy Act Addendum supplements the WorkCare Privacy Policy. These additional disclosures are required by the California Consumer Privacy Act of 2018 (CCPA).

Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada

PIPEDA provides safeguards to protect the privacy of employees in Canada. This is an abbreviated version. To view the complete text, visit the Office of the Commissioner of Canada website.

WorkCare Privacy Policy – Alberta and Ontario

This notice describes privacy rights under the Personal Health Information Protection Act or comparable personal information protection laws in an employee’s province of employment.

WorkCare Privacy Policy – Quebec English

This notice describes privacy rights under the Personal Health Information Protection Act and the Quebec Act Respecting the Protection of Personal Information in the Private Sector.

WorkCare Privacy Policy – Quebec French

This notice describes privacy rights under the Personal Health Information Protection Act and the Quebec Act Respecting the Protection of Personal Information in the Private Sector.