Privacy Policy

KEPRO is committed to protecting the privacy and security of our web site and email subscribers. To better protect the privacy of visitors and subscribers, we provide this notice explaining our online information practices and the choices you make about the way your information is collected and used. KEPRO may occasionally update this privacy policy. Notice of revisions will be posted here. We invite you to contact us if you have questions about this policy.

You can contact us by mail at:

777 East Park Drive
Harrisburg, PA 17111
You can contact us by email at

Dispute Resolution

If you think we have not followed our privacy policy in some way, we can help you resolve your concern. Please contact us through one of the options listed in the above section to settle privacy policy disputes.

Data Collection

Computer Information and Site Usage

Web server logs are maintained for this web site to analyze our site usage and to improve our web site administration, navigation and services.


Cookies are a technology which can be used to provide you with tailored information from a web site. A cookie is an element of data that a web site can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. This web site is used as a repository of information about KEPRO, our mission, projects, and services for industry professionals and the general public. KEPRO uses cookies to enhance this web site, and identify returning users.

Forms, Applications, and Registration

KEPRO collects information when you complete a form or application, register for a program, or print or downloadable resources. This information can include:

  • Your name
  • The company you work for
  • Your title
  • Your postal mailing address
  • Your email address
  • Your telephone number

This data will be used to complete your request. We also use this information to improve our delivery of our products.

Items requested may be shipped to a provided address. Address and phone numbers may be provided to our shipping provider to complete the order. In some cases, a third-party distributor, manufacturer, or fulfillment service may ship the product directly, and the same information will be provided with your order so they can complete the shipment. We do not sell or share your information with anyone else, ever.

Provider Login

When you log in to our site or download information from our site, we may collect information regarding page access, site usage, and demographics based on your login ID. We use this information to improve our services to providers.


All content contained on, including all logos, images, icons, graphics, video clips, digital downloads, and software is the property of KEPRO and our vendors, partners, and affiliates. All content is protected by both United States and international copyright laws. We allow you to view, download, and print content from our web site for informational purposes only. You may not reuse the content for personal or commercial use. Any other use of the content on our web site, including any commercial use, reproduction for purposes other than described above, modification, distribution, republication, display, or performance without prior written permission of KEPRO is strictly prohibited.

To inquire about receiving written permission to use any portion of content on this site, contact KEPRO at


KEPRO logos and the products and services described on our web site are trademarks or registered trademarks of KEPRO and our vendors. Therefore, it is not permissible to copy, imitate, or use, in part or in entirety, without written permission of KEPRO and our vendors, partners, and affiliates. All other trademarks, registered trademarks, product names, company names, and company logos appearing on the site are the property of their respective owners; KEPRO has obtained written permission to use these on our site. You must obtain written permission from them to use their trademark(s).


Our web site contains links to other web sites. KEPRO is not responsible for the privacy practices or the content of those web sites.

Find an Answer

Please describe KEPRO data security that ensures member information is protected.

As an organization that is charged with storing and transferring Protected Health Information (PHI), KEPRO is bound by HIPAA regulations, and is accustomed to managing the security and privacy of PHI. KEPRO currently exchanges data successfully and confidentially via secure encrypted means in support of all of our federal, state, and local government programs, and with commercial clients.

KEPRO has been implementing and supporting systems that require medical record, data security, and transmission for more than a quarter of a century, and has always placed primary importance on using systems that allow for fast and efficient connectivity, while still providing the highest level of data and system security. Our proven internal and external policies and protocols ensure compliance with state and federal laws and regulations, as well as any additional security measures you may require.

We have a stringent KEPRO Comprehensive Confidentiality Plan that governs our processes. KEPRO’s Privacy Officer, Security Officer, and the Compliance Officer have ultimate responsibility for oversight of the processes and procedures contained in the KEPRO Comprehensive Confidentiality Plan.

KEPRO's system is secure. Our information systems are secured by an in-depth strategy that utilizes multiple layers of operational, management, and technical controls to protect KEPRO assets. We also employ software programs designed to prevent unauthorized use by staff or outside entities.

All KEPRO information systems employ common security controls such as Firewalls, Anti-virus, Role Based Access, FIPS 140-2 Encryption for mobile devices, and the requirement of strong passwords. Information system users are assigned a security role based upon access requirements relevant to their positions and information/program privileges.

The HIPAA Security Rule requires entities to implement information systems that control access to healthcare and related systems. KEPRO adopts a subset of NIST 800-53 Rev 3 Security controls to maintain compliance with HIPAA. Based on these security standards, KEPRO mitigates risk to its Information system by focusing on such controls as:

  • Log-In Security. HIPAA security requires the use of secure User IDs and the use of passwords. KEPRO requires multiple account authentication processes within its information systems to verify the identities of our end-users. KEPRO's policy requires strong passwords that are changed frequently.
  • Access Control. HIPAA requires one of the following: Context Based Access, Role Based Access, or User Based Access. User Based Access is part of the Log-In Security component. KEPRO's Role Based Access gives individual users access relevant to their function in the organization.
  • Audit Trail. HIPAA requires the use of an audit trail to identify who accesses PHI. KEPRO systems track those who change the patient record, the date and time the record was modified, and the specific information changed. The system includes a read only audit trail that captures each time a system user views a case.
  • Session Time-out. KEPRO information systems account for session inactivity by locking screens after 10 minutes of inactivity.
  • KEPRO's physical space is secure. KEPRO’s computer, telephone, and hardware systems are located in climate controlled rooms with fire-suppression and electronic locking system. We allow only authorized access to the room.
  • KEPRO focuses training on confidentiality and security issues. All KEPRO employees undergo rigorous training on security and confidentiality of PHI. We have successfully provided this training to all staff regardless of their respective roles/duties.

KEPRO Headquarters

See all locations

777 East Park Drive, Harrisburg, PA 17111
Toll-free: 800.222.0771
Phone: 717.564.8288
Fax: 717.564.3862