Security And Confidentiality

Our company adheres to the required confidentiality standards by implementing guidelines that conform to HIPAA requirements under the following categories:

Administrative Procedures

1. We created a HIPAA Compliance Management Committee consisting of the President, the COO and director-level managers tasked with the following:

   a. Performs internal assessment and audit;
   b. Conducts training on HIPAA compliance policies relating to confidentiality and non-disclosure agreements;
   c. Sets policies for security and access to components;
   d. Monitors the HIPAA implementation rules on an ongoing basis and assigns activities and responsibilities to ensure compliance.

2. All personnel with access to customer data or customer records are required to sign a confidentiality agreement. All business partners with access to protected information must enter into a business associate agreement that requires full compliance with all HIPAA requirements and safeguards.

Physical Safeguards

1. The data center is physically secured and requires the use of a biometric fingerprint scanner to enter the premises. Keys are only issued to individuals as authorized by the HIPAA compliance officer.

2. The reception area is manned at all times by authorized personnel.

3. The data center facilities are equipped with fire detection, fire extinguishers, and backup UPS.

Technical Data Security

1. Data security is achieved through the implementation of an Intrusion Prevention and Detection System, a Multi-Tiered Firewall System, and advanced data security analysis during the operation of the data center.

2. Continuous inspection of implemented data security policies ensures that data integrity is kept.

3. All electronically stored data is limited by access control policies and is strictly maintained on a high-security server.

4. Server backups are done on secure media, implemented with multiple password and encryption controls, utilizing triple-DES, AES and Blowfish 4096-bit high encryption algorithms.