Contractor sites.
Current and former USPS employees and their dependents that voluntarily opt-in to use USPS Health Connect.
- User profile information: Name, date of birth, email, gender, phone, internally assigned identifier, username, physical address, employee identification number (EIN), contact information, customer ID(s), text message number, date of account creation, method of referral to website, date of last logon, and authentication method preferences.
- User preferences for communications: Frequency and channel opt in/opt out and preferred means of contact for service alerts and notifications, and language.
- Online user information: Internet Protocol (IP) address, domain name, operating system versions, browser version, date and time of first and last connection, and geographic location.
- Identity verification information: username, user ID, email address, text message number, and results of identity proofing validation.
39 U.S.C. 1003, 1004, and 1201-1209.
- To provide administrative support to assist end users with technical questions and issues.
- To provide account management assistance.
- To provide account security and to deter and detect fraud.
Standard routine uses 1–9 and 11 apply.
Automated database, computer storage media, and digital files.
For System administrators and\u2044or customer service representatives, by internally assigned identifier, or end user account details such as name, phone number, etc. to assist end users with access\u2044use of USPS Health Connect and to understand and fulfill end user needs.
Contractor site utilizes a Cloud Infrastructure under Agency Authorization to Operate (ATO) using a FedRAMP accredited Third Party Assessment Organization (3PAO) for selected Cloud Service Provider services. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All physical access to data centers by contractor employees is logged and audited routinely.
Encryption and Data Security uses Federal Information Processing Standards (FIPS) compliant encryption, secure certificates for Client and Server communication authenticity, session protection certificates for end to end protection, multiple layers of protection for data confidentiality and integrity, hashes and password storage encryption, and block level encryption for the data volumes. Customer support personnel have minimum access to user profile records.
- Records stored in digital service are retained until (1) the end user cancels the account, (2) six years after the end user last accesses their account, (3) until the relationship ends, or (4) after reasonable notice has been provided to the end user to export their account information in the event the agreement is terminated.
- Records existing on computer storage media are destroyed according to the applicable USPS media sanitization practice.
Chief Information Officer and Executive Vice President, United States Postal Service, 475 L’Enfant Plaza SW, Washington, DC 20260.
Individuals wanting to know if information about them is maintained in this system must address inquiries in writing to the system manager. Inquiries must include full name, date of birth, physical address, email address, username, and other identifying information, if requested.
Requests for access must be made in accordance with the Notification Procedure above and USPS Privacy Act regulations regarding access to records and verification of identity under 39 CFR 266.6.
See Notification Procedure and Record Access Procedures above.
Individual end user.
