Keeping your data secure
As a trusted benefits partner, Benefitfocus has implemented multiple levels of controls at the application, system and procedural levels to ensure the security and privacy of the personal data entrusted to us by our associates, customers and partners.
What we do
Security is our top priority
We protect your sensitive company and member data using strict security standards and privacy controls. Through continuous investments in processes, tools and technologies, our Security team ensures your platform is safe in every way.
Practices and policies
Our backup protocols have backup protocols
Embedded layers of controls ensure the protection of your applications, systems and data environments. We use security policies and practices that are backed up, integrated, and redundant.
Third-party audits
Inspiring consumer confidence
Benefitfocus consistently demonstrates an ability to provide services and information security that meets and exceeds client service levels and applicable regulatory requirements. Don’t take our word for it, trust in our accredited third-party audits performed regularly to make sure that your data is protected.
We're certified
Maintaining valuable security certifications is a requirement
Our commitment to security excellence is best shown through our many certifications and accreditations, which extend beyond what you see here.
We've got a plan
Incident management and disaster recovery processes
Benefitfocus maintains, follows and exercises documented incident response policies consistent with NIST guidelines for computer incident handling and complies with data breach notification terms applicable to State and Federal laws and regulations. Benefitfocus monitors for and investigates potential unauthorized access, use and disclosure of data and is prepared to execute appropriate response plans upon incident discovery.
Every year, we perform an extensive evaluation of our business operation, security programs and supporting infrastructure. We use these results to directly inform our business continuity plans, which include roles, responsibilities, activation, response, recovery, reconstitution and ongoing validation of our environments.
Because our environments are fully redundant, our systems are highly available and protected from system events, such as hardware failures related to natural disasters. As part of our ongoing modernization efforts, planning is underway to expand our current on-prem data centers to include Amazon Web Services (AWS) public-cloud environment. Our expansion to AWS will deliver enhanced benefits – including faster delivery, reduced planned downtime, increased scalability and broader access to cutting-edge technologies. Most importantly, our customers will have the same security standards, privacy and compliance protection they expect today, with even greater capabilities inherent in AWS.
Better than the standard
Data security that meets HIPAA standards
As a Covered Entity and a Business Associate to many of our customers, Benefitfocus treats all Protected Health Information (PHI) with the utmost care. We have implemented technical, physical, and administrative safeguards recommended by industry regulators, as well as those required by applicable Health Insurance Portability and Accountability Act (HIPAA) legislation. To further meet HIPAA security requirements, Benefitfocus also takes every precaution to protect its network, hardware and software from viruses, malware, adware, attacks, and other forms of intrusion.
The latest news about Benefitfocus
What's happening with benefits now?
We’re changing the way people buy and access their benefits and the world is taking note! Read up on the latest about Benefitfocus in the articles below.
Report a security concern
If you've seen something that you'd like for the Benefitfocus security team to review, please let us know.