Security

The MedicAlert® Web site uses or may in the future use technology features such as log-in registration, cookies, or click through tracking software.

The site also logs information such as Web site IP addresses and browser types. This information is used for analysis purposes and to provide better service for users.

Use of Cookies

A "cookie," is a block of text the site places in a file on your computer's hard drive to track your activity. While a code in the cookie file enables the site to label you as a particular user, it doesn't identify you by name or address unless you've provided the site with such information or set up preferences in your browser to do so automatically. Newer versions of browser software let you decide whether you want to receive cookie files, and some programs notify you when a web site is about to deposit a cookie on your hard drive. You can check for cookies on your computer. If you have a PC, look for a file on your hard drive called "cookies.txt" or for a file labeled "magic cookies" if you have a Macintosh. You can delete these files from your hard drive. There are also utility software programs (called "cookie cutters" or "anonymizers") that allow you to edit cookie files selectively within Web browsers.

External Links

This site contains links to other sites. MedicAlert is not responsible for the privacy practices or the content of external Web sites.

Web Site Security

The MedicAlert Web site uses the latest 128 bit SSL encryption technology to protect your on-line privacy and all transactions which you may conduct. The site is secure when the "padlock" icon is in the closed position, or when the URL address begins with https://.

SSL offers the following security benefits:

Privacy: Data is encrypted to and from clients, so privacy is ensured during transactions. Message validation: An encoded message digest accompanies data to detect any message tampering.

Server authentication: The server certificate accompanies messages to assure the client that the server identity is authentic.

Client authentication: The client certificate accompanies messages to assure the server that the client identity is authentic. Client authentication is optional, and may not be a requirement for your organization.

About SSL Certificates and Certification Authorities

SSL security is based on certificates used by both the client and server. Our web-server uses 128 bit certificates, which is currently the most widely-recognized certificate format. This allows servers and clients with certificates created by the web-server certificate applications to exchange certificates easily between our server and other applications.

Certificates contain a public key, a name, an expiration date, and a digital signature. Client certificates are stored in browsers and server certificates are stored in files called key ring files. A key ring file is a binary file that is protected by a password and stores one or more certificates on the server hard drives. Public and private keys are a unique pair of mathematically-related keys that are used to initiate SSL-encrypted transactions.

The link that allows a server and client to communicate is a Certification Authority (CA). Like a mutual friend, a CA vouches for the identity of a server and client by issuing certificates stamped with the CA's digital signature and including the CA's trusted root certificate in the key ring file. The digital signature ensures the client and server that both the client certificate and the server certificate can be trusted. If the client and server can identify the digital signature on the certificate, then a secure SSL session can be established. Otherwise, the client and server cannot authenticate each other, and the session cannot be established. Clients and servers identify digital signatures by comparing them against the trusted root certificate in their key ring files.

A CA can be an external, commercial certifier, such as VeriSign, or an internal certifier that you establish at your organization. External and internal CAs create both server and client certificates.

Contacting MedicAlert Foundation Canada

If you have any questions about the practices of this site, or for general inquiries about MedicAlert, to update/change your contact information, or to be removed from any mailing lists, please contact us.