- What encryption does NextAgency use?
- Can NextAgency personnel access financial information of my client’s employees?
- Will you communicate directly with my clients?
- What can NextAgency use client data for?
- Who owns my client data?
- Is NextAgency HIPAA compliant?
- How do you protect data from hackers?
We encrypt user’s data—from login to logout—with one of the highest encryption standards available, including 256-bit SSL encryption (the same technology that banks use to keep your account information safe). Our in-house security team regularly reviews every security aspect of NextAgency. We also keep a real-time audit log of all data access and changes made by administrators, employers, brokers’ employees and our automated system. We also use outside parties to test our security and report to us any vulnerabilities they discover. We act quickly to address their findings.
No, NextAgency will not communicate directly with your clients. Your clients are your own and NextAgency will not send out communications or marketing to them. You have complete control over what communications are sent to your clients through the NextMail, Workflows, and Email Campaign tools.
NextAgency provides you with the database for managing your clients and uses client data for that end. You are able to use client data for managing clients, benefits, tasks, create email campaigns, record commissions, and run reports. NextAgency does not use client data for any purposes other than providing you with the tools you need to save time and money.
You and your client do, not us. You give us permission to use the data to provide services, but you retain all ownership of it.
Yes. As part of the sign-up process you and your clients will sign a business associate agreement with us. We then limit access to unencrypted versions of this information to only those needing such access. Of course, our ability to protect PHI is limited to protecting the information on our service. Once it is transferred or made available to you, your agency, your clients or authorized third-parties you or they are responsible for protecting your clients’ PHI.
We can’t guarantee that information during electronic or email transmission or digital storage mechanism can never be hacked, but we take our responsibility to protect the data you and your clients entrust to us very seriously. When you or your clients enter sensitive information (such as sign-in credentials) our security protocols kick in. We adhere to among the highest available encryption standards, 256-bit SSL encryption. Data is transferred with high-grade TLS and multi-layered encryption at rest with AES-128. Encryption keys are stored separately from your data. Our employee’s access to sensitive data requires multiple authentications and is restricted to a limited number of authorized personnel performing specific tasks for our customers. When our personnel do not need access to critical data the information is either fully-or-partially redacted. For example, customer service reps will be presented with only the last four digits of an employee’s social security number whenever feasible.