Emergency Contact Data (ECD) uses its best efforts to safeguard each member’s profile information. The ECD web site resides at a major hosting company that is recognized for its security expertise, and is supported by a hosting infrastructure that is protected with multiple levels of security appropriate for the storage of sensitive, confidential medical information. All data content within the site and database is backed-up daily and continual data access is assured, but not guaranteed through the use of redundant storage network technology.
Passwords and Security
Member information is encrypted using enhanced SSL when transmitted and is stored on a secure PCI DSS (Payment Card Industry Digital Security Standards) compliant web server at a high-security enterprise-level hosting company.
Credit Card information is stored separately, at the PCI DSS compliant payment processor.
Emergency Contact Data has been validated as compliant by Trustwave, a leader in PCI DSS. All hosting is supported by high-security firewalls. Trustwave performs regular server scans, monitors the security update requirements of the server, and alerts ECD and its hosting company of security updates requiring immediate implementation.
ECD does not ask its members for their personal identifiers such as date-of-birth, driver’s license or social security numbers nor does ECD store credit card numbers. Hackers will not benefit from attacking ECD.
Each member’s password is encrypted when stored on the server and is known only to the member. Information disclosure prevention and data compromise procedures are in place.
ECD provides the option for members to exclude their physical address from the profile information the First Responders see. This feature is for those that wish not to divulge this information about themselves and / or their children.
Privacy and Personal Information
ECD will not sell or share customer demographics with third parties.
ECD may use general member demographics and statistics for its own marketing purposes. It is understood that ECD will communicate with its members.
ECD is given permission by way of its Terms and Conditions to display member information and for this information to be passed to all concerned parties.
Emergency Contact Data falls outside of The Health Insurance Portability and Accountability Act of 1996, (HIPAA) and the Texas Privacy Act. Think of ECD as a diabetic bracelet that alerts others to their diabetic condition. As such, ECD gives its members the ability for them to show someone their medical information, such as a diabetic alert.
ECD Employee Benefit Plan: An employer does not have access to an employee’s member ID or password and cannot access or view any personal or medical information of their employees. All employee member information belongs solely to the employee, is independent of the employer, and is transferrable by the member for payment by the individual or another company, should they leave their employer.
It is the responsibility of each member to safeguard his or her personal information; this includes the use of eight to eleven character passwords composed or CAPITAL and lowercase letters, numbers, and special characters. For example, Sp3c!aL, spells special.
It is implicit in the service that ECD provides that the member has given his or her permission to display their contact and medical information to anyone that has access to the ECD member’s number and name as it appears on the ECD ID Card and Tag. Additionally, a member’s profile that is intended for use by first responders is available to anyone that has access to the Emergency Contact Data mobile application that has been installed by the member on a mobile device for the purpose of presenting this information to emergency personnel.
It is understood that the ECD member or the member’s guardian entered the contact and medical information provided in the Contact and Medical Profile for use in the treatment rendered by first responders in an emergency situation. The ECD website and mobile applications act only to facilitate the presentation of information by its members who have sole responsibility for the accuracy of any posted information.