HIPAA Compliancy
HIPAA Compliance and Confidentiality of Customer Data
On August 21, 1996, President Clinton signed the Health
Insurance Portability and Accountability Act, known as HIPAA.
This law impacts all areas of the health care industry and
was designed to improve the efficiency of health care by standardizing
the exchange of administrative and financial data, and to
protect the privacy, confidentiality and security of health
care information.
Privacy and Security
A major concern in the law was the security and privacy of
electronic health records and their transmission between health
care entities. The security standards HIPAA mandates are not
product-specific. They are designed to provide an industry
"best practice." Security consists of more than
just firewalls - organizations must ensure the confidentiality
and integrity of their health records, and transmission of
data must be authenticated and have the property of non-repudiation.
Additionally, security policies and procedures must be documented
and implemented.
At ClaimGear, the confidentiality of our customers' data
is a fundamental concern, and thus we have taken a number
of technological and administrative steps in order to protect
such data. The ClaimGear information system has a number of
security mechanisms designed to permit only the sender, recipient
and ClaimGear authorized personnel to have access to the data
passing through our system. In addition, ClaimGear has a policy
requiring all employees to read and sign a confidentiality
agreement. This agreement states that the employee understands
that we process confidential data, and that the employee agrees
not to directly or indirectly disclose any information in
an inappropriate manner. ClaimGear aggressively enforces this
and other agreements applicable to confidential data. Confidentiality
obligations are also an integral part of our business and
trading partner agreements with entities to which we transmit
transactions or from which we receive transactions, such as
clearinghouses. ClaimGear will neither pursue nor knowingly
retain a customer relationship with an entity that is either
unwilling or unable to comply with reasonable privacy and
confidentiality obligations.
ClaimGear recognizes that the transfer of medical data must
be carried out in a manner that minimizes the risks of inappropriate
disclosure and that safeguards the privacy and confidentiality
of data that may identify individuals in their roles as patients
and consumers. ClaimGear's corporate policy is to observe
all existing state and federal laws and regulations relating
to the transmission and storage of, and access to, records and other
health care data, and to maintain the security and confidentiality
of patient-specific information. Therefore, ClaimGear is taking
steps to comply with the relevant HIPAA regulations in advance
of the mandatory compliance dates contained therein. ClaimGear's
full compliance with the HIPAA regulations is expected no
later than the specified compliance dates for health care
clearinghouses. In addition, the ClaimGear information system
is designed to help our customers and trading partners move
toward HIPAA compliance by facilitating the transfer of protected
health information through a HIPAA compliant information network.
ClaimGear's administrative, technical and physical safeguards
are designed to maintain the integrity and confidentiality
of our customers' data. These safeguards, discussed above
as required by HIPAA, as well as all ClaimGear corporate policies,
are continually being reviewed and updated as part of ClaimGear's
ongoing effort to protect the confidentiality of our customers'
data, to comply with applicable law and remain a leader in
the health care technology industry.