NENTEC COMPUTERS LLC

2000 Washington Street, 405 Blue Building, Newton, MA 02462 617 300-8167 [email protected]

Compliance - Nentec Computers LLC

What does it really mean to be compliant?

HOW WE CAN HELP

We help you develop a best-practices-based Written Information Security Program (WISP) that includes administrative, technical, and physical safeguards in compliance with Massachusetts General Laws 201 CMR 17, 'Standards for the Protection of Personal Information of Residents of the Commonwealth.'

A security policy is a document that outlines the rules, laws and practices for computer network access for your practice. It sets expectations for your staff and regulates how sensitive information (patient information and practice business data) is managed technologically. Our team has years of experience across a wide range of practices of varying size and is therefore best positioned to advise you on the best practices in your sector.

A HIPAA Business Associate Agreement (BAA) is a contract between a HIPAA-covered entity and a HIPAA business associate (BA) that protects personal health information (PHI) in accordance with HIPAA guidelines. Our team guides you through the signing process to ensure full compliance and strictly follows the BAA throughout the service agreement.

All of our backup solutions actively protect your systems while meeting HIPAA compliance requirements. HIPAA mandates three key safeguards for backups:

1. Technical safeguards: Backups must use a minimum of 128-bit encryption and include proper deletion and destruction of data. Our team follows the Department of Defense standards outlined in the National Industrial Security Program Operating Manual. If data is not encrypted at rest, we ensure it is securely destroyed.

2. Physical safeguards: These address the security of physical infrastructure, such as locks and controlled access areas. Our solutions comply with HIPAA’s Physical Safeguards, including facility access controls, secure workstation use, and device and media management.

3. Administrative safeguards: Backups must also meet administrative standards, including a provider’s security management process, assigned security responsibilities, workforce security, information access management, security awareness training, and contingency planning. We help you implement and maintain these requirements to ensure full HIPAA compliance.

MASS 201 CMR 17 state law requires encryption of all transmitted records and files containing personal information that travel across public networks, as well as of all data containing personal information transmitted through wireless networks. Your devices will be fully encrypted, ensuring compliance with these standards.