Infosec and Regulatory Compliance

   

   

Data Backup Plan: We routinely update and maintain, for a specific period of time, retrievable exact copies of information.
   

We have documented standard policies and procedures for the receipt, storage, dissemination, transmission and/or disposal of health information.
   

Formally documented policies and procedures are in place for granting different levels of access to healthcare information.
   

Our in-house system administrators review system activity such as logins, file access and security incidents on an ongoing basis.
   

We perform surprise audit checks of individual desktops and systems.
   

No laptops or cell phones are allowed under any circumstances on the operations floor. Laptops are permitted for select employees on a requirement basis.
   

We implement formal documented procedures for connecting and loading new equipment and programs, and for periodic review of maintenance and security testing of hardware or software.
   

The systems on the operations floor have neither floppy nor CD drives. Data is stored or downloaded to the HDD through a centralized server.
   

Only the administrator has access to a CD drive.
   

Training: We impart education concerning the vulnerabilities of health information. This includes, but is not limited to, awareness training, periodic security reminders, user education concerning virus protection, user education in the importance of monitoring login success or failure and how to report discrepancies, user education in password management, etc.