Information Technology & Security

The backbone of our company.

WorkCare has a dedicated Information Technology team. We commit extensive resources to ensure our information management systems and communications platforms are sound, secure and in compliance with state-of-the art technology and industry standards.

WorkLink

WorkLink is our proprietary, hosted case management system. The core framework features widely adopted Microsoft technologies. The platform accommodates a broad spectrum of applications and requirements, and it facilitates the addition of new features and functionality over time. Users access WorkLink via a password protected web portal.

Privacy & Security

Ensuring the privacy security of all client and employee data is of paramount importance. Our IT Department ensures that WorkCare meets or exceeds industry best practices with regard to the safe use, storage and transmission of company and personal health data. IT policies and procedures are monitored and updated to comply with the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), HITRUST, NIST and other IT security standards.

Personal Protection

We collect personal data only if required to provide our services and/or comply with applicable laws and regulations. WorkCare may disclose information to partners who are contractually obligated to treat these data as confidential and private, and securely process information only for the specified purpose.

Data Storage

All WorkCare data is stored in a SOC 3 Certified, Tier 5 Platinum-rated data center. Access is enabled via secure and encrypted virtual machine architecture.

Audits

Periodic audits are conducted to ensure configurations are working properly and that security threats are sufficiently mitigated by the IT Department.

We're HITRUST-Certified

WorkCare expects to receive HITRUST certification for its protected health information data environments in early 2020. HITRUST, or the Health Information Trust Alliance, maintains the Common Security Framework for compliance with information security and privacy regulations and industry standards.

Our HITRUST audit, conducted by a HITRUST Alliance CSF Assessor, covered 19 domains and related control requirements:

  • Information Protection Program
  • Endpoint Protection
  • Portable Media Security
  • Mobile Device Security
  • Wireless Protection
  • Configuration Management
  • Vulnerability Management
  • Network Protection
  • Transmission Protection
  • Password Management
  • Access Control
  • Audit Logging & Monitoring
  • Education, Training & Awareness
  • Third Party Security
  • Incident Management
  • Business Continuity & Disaster Recovery
  • Risk Management
  • Physical & Environmental Security
  • Data Protection & Privacy

HIPAA

Business Associate Subcontractor Agreement

This Business Associate Subcontractor Agreement governs the relationship between WorkCare, Inc., and any of its independent contractors who are Subcontractors under terms of the Health Insurance Portability and Accountability Act of 1996.

Health Insurance Portability and Accountability Act in the Workplace

This WorkCare Fact Sheet describes key privacy and security provisions of HIPAA and its association with workers’ compensation and workplace wellness programs.