🔒 Security Assurance – Protecting Sensitive Customer Information in Receipt Submissions

At ENDVR, we prioritize the security of sensitive customer information and ensure compliant with HIPAA regulations. We have implemented measures to prevent the inclusion of private customer details in receipt submissions while maintaining the integrity of our sales incentive program.
​

For each Sales Incentive campaign, we recommend using the pre-built templates that explicitly instruct sales associates to cover or hide any patient-sensitive details before uploading their submissions.
​

PLEASE ENSURE NO PRIVATE CUSTOMER INFORMATION IS INCLUDED IN YOUR SUBMISSION.
​

Despite these guidelines, if submissions still contain sensitive details, our receipt reviewing team follows a structured process to redact this information securely.
​

Step 1: Identify patient-sensitive details on any submissions during the reviewing process.
​

Step 2: Utilize our Redacting Tool to cover all sensitive information.
​
​

Step 3: Approve or reject the receipt based on whether the submission meets the mission description criteria.
​
​

Step 4: If a sales associate repeatedly submits receipts without redacting private details, the ENDVR Support team will individually contact them to reinforce compliance expectations and ensure they take corrective action.

Since we have the ability to redact sensitive information, no receipts will need to be rejected solely due to the presence of private customer data as long as they meet the other qualifying criteria.
​

We appreciate your attention to compliance, and we encourage all associates to black out personal identifiable information on receipts before submission. This can be achieved by using black markers, stickers, or even post-it notes to cover the top portion of the receipt while keeping essential transaction details visible.
​

To qualify for incentives, the following receipt details must remain visible:

To further strengthen our compliance measures, ENDVR has introduced an automated image redaction feature to prevent the display of sensitive patient information. This proactive security measure ensures HIPAA compliance while maintaining a seamless experience for our users.
​

From a data privacy standpoint, ENDVR, as a processor of the data, upholds its responsibility under HIPAA and GDPR regulations to protect patient-sensitive information. This is a standard practice across North America and ensures both ENDVR and our clients remain safeguarded in the event of a data breach.
​

While our compliance measures adhere to HIPAA and GDPR, we recognize that privacy regulations in other regions, such as ANZ, may differ. However, we take a cautious approach, prioritizing the highest security standards to safeguard user trust.
​

By following these steps, we collectively ensure compliance, safeguard customer privacy, and maintain the integrity of our incentive programs. Thank you for your cooperation and commitment to data security.