So we are safe at two levels: First, we are not using the OpenSSL software which contains the heartbleed bug, and second (and more important) we do not store any sensitive or financial data, reducing the likelihood that we would be a target of attacks.

If you go to the heartbleed test website, enter in www.uhpa.org and
check the “advanced” checkbox you will see that uhpa.org is not
affected.   See the graphic of a screen shot.