IT Infrastructure
- The business impact of infrastructure is reflected in application availability; availability and response time are the infrastructure management priorities.
- Ensuring that the underlying infrastructure – servers, desktops, firewall, storage, databases, web servers, application servers, backup software and call center applications – exceeds operational service objectives by contributing to the critical success factors of Global Healthcare Billing Partner.
Administrative Safeguards
Security Management Process
Identified all risk areas related to e-PHI and developed organization-wide procedures to mitigate risks including:
- Business Associate and Non-Disclosure Agreement with clients, vendors, visitors and employees (inclusive of HIPAA compliance).
- Access as per need – client-specific logins on all internal programs and file systems, including password management.
- Training and awareness to employees on e-PHI, risk areas and complaints.
- Data backup plan – Scheduled daily backup of all files and documents stored on the server to external storage devices. A weekly recording of the same data is made on tape drives.
Physical Safeguards
Facility access controls
- All employees have restricted access to information (both internal and external) that is exclusive to the performance of their duties.
General Access
- GHCBP's production facilities have 24-hour security for ingress and egress.
- Biometric cards prevent unauthorized entry into production areas.
- Floor-level security for client work areas is implemented, where appropriate, based on proximity cards and role-based authentication.
- Cameras in all security sensitive areas in the premises to monitor employee movement and behavior
Network Room
- The areas of our facility that contain networking and other sensitive equipment are secured separately from general-purpose work areas.
- Only authorized personnel are allowed to enter the network room.
Device and media control
- Floppy & optical drives are removed from workstations.
- USB ports are restricted only to keyboards, mice and other peripherals
- Removable storage devices are inaccessible through the USB ports
Power saving options are enabled in all workstations. Screensavers are activated in 2 minutes and workstations are automatically locked in 5 minutes.
Any electronic devices like Laptops, Mobile Phones, Cameras, CD/DVDs, Pen Drives, etc., are not allowed to be carried into the work area without proper scrutiny and authorization.
Technical Safeguards
Data Security
- Data transfer is completely protected as it occurs through a state-of-the-art hardware firewall and VPN tunnels established between Global Healthcare Billing Partner and respective clients.
- Qualified networking technologists, approved by management, have access to firewalls for maintenance.
- The data sent by GHCBP associates to the client's office over this pipe is encrypted in compliance with HIPAA standards. Encryption uses the 3DES standard to ensure complete confidentiality of the transmitted data. HMAC-MD5 uses a 128-bit secret key and produces a 128-bit authenticator value.
Anti-Virus protection
- GHCBP Servers and desktops are completely protected by strong anti-virus software (Symantec and Kaspersky).
- Anti-virus software updates are applied automatically, and regular audits are carried out to remain compliant.
Access Controls
- LAN – The shared folders in the network server locations are accessible only with the login credentials.
- Internet – Employees have restricted access to the internet, based on the specifics of the client they work for. Internet-related activities are logged and monitored by the Network Team.
- Emails – Email access is generally restricted to internal email servers for all employees and only a few authorized personnel have the ability to send/receive mails outside the network.