Salem Health Solutions’ services are delivered via ASP, and data feeds are usually delivered directly from the carrier/TPA and PBM, eliminating additional workload concerns for IT departments.
As part of a provider network, SHS takes security and HIPAA regulations extremely seriously. All of Salem Health Solutions' Corporate Policies and Procedures have been externally reviewed to confirm compliance with HIPAA requirements, made binding through employment agreements, and enforced by a full-time privacy officer who is responsible for HIPAA compliance.
Security of the data from external intruders is also critical, and the company's physical security is on par with some of the most secure military facilities in the country. SHS' first layer of security is physical. There is minimal on-site Personal Health Information (PHI) storage at our secure headquarters. The vast majority of PHI is stored at an off-site "Level 4" security facility where all customer data, production systems and backup media are housed.
Our network is protected by multiple layers of hardware and software to prevent unauthorized access to our systems and information. External communications must pass through our firewall and intrusion detection systems. Each user has a unique ID which belongs to one or more roles, determining which systems and information the user can access.
The third tier of security is a Secure Sockets Layer (SSL) encryption layer. All server-browser communication is encrypted using an asymmetric encryption method (public/private key pair), preventing spoofing or unauthorized copying. All downloads are insured by Digital Certificates issued by trusted providers.
The fourth level of security is password and access control at the application layer. An Access Control Layer protects all proprietary information, where the client has full control over who in their organization has secure access to this information.
The next level of protection extends beyond technical design and architecture. SHS assures its clients in writing with a contractual guarantee that all information collected from SHS customers, whether it be business or personal health information (PHI), remains private and confidential. Additionally, all employees, consultants, and customers are required to sign confidentiality agreements that are rigorously enforced. All employees are trained carefully so that they understand the importance of keeping client confidential information completely secure. While SHS retains the right to "de-identify" patient records for benchmarking or other statistical analyses, the output can never be tracked back to its source. This process ensures that SHS is not sharing any customer information with any third parties unless written permission is obtained from the customer.
Our Policies and Procedures also limit our staff's access to your protected health information by limiting the roles to which they can be assigned. As we have implemented a "Policy of Least Authority" (POLA), staff members can only be assigned to roles which have access to information that they "need to know."
Finally, SHS has a detailed, comprehensive Contingency Plan for business disruption. The Plan guides our preparedness, response, and recovery actions and is applicable to both business continuity and disaster recovery situations.