Agencies across the country are centralizing many of their back office functions and turning to Fazzi’s outsourced services for coding, OASIS review, complete Plan of Care review and billing. We’re pleased to provide this explanation of how we keep agencies’ PHI secure throughout the outsourced services workflow.
Our Information Security Program is built within the ISO 270001 framework and on these pillars: Assessment and Expertise, Policies and Procedures and Technology and Infrastructure.
Assessment and Expertise
We have assembled our own in house team of highly qualified Information Technology (IT) experts. Additionally, our team works with outside experts in the field to ensure that we stay up to date with new developments – and – new threats. Together these experts regularly inventory, assess and test every aspect of our IT systems and business processes for information security.
Policies and Procedures
Fazzi’s security program meets the most rigorous demands in the industry including HIPPA and state regulations, HITECH (Health Information Technology for Economic and Clinical Health Act) and ISO 27001 which is one of the most rigorous information security standards in the world.
Our written policies embody these regulations and standards and bring them to life in how we handle client data in motion, at rest and over time. PHI is always encrypted in transit using the strongest ciphers available. All PHI and working documents stored on our servers are encrypted on disk and retained only per policy. Fazzi is prepared to respond to disasters with planned procedures defined in the Disaster Recovery plan. Further, per our policies, we regularly train our staff on fraud and abuse and information security.
Technology and Infrastructure
Fazzi uses desktop virtualization and a suite of security technologies to protect PHI. With this system, all PHI is encrypted at rest and in motion. Access to data is managed centrally no matter where the work occurs. Data never leaves our data center in Atlanta or our disaster recovery back up site in Phoenix. These data centers are certified for SSAE/16 Type II, PCI DSS and HIPAA.
These policies and infrastructure enable Fazzi to protect PHI throughout the entire outsourced services workflow, from the agency’s EMR system, to the Fazzi data center, to the staff performing the work and back again. Our outsourced services staff launch a secure virtual desktop session in the data center and only the keyboard, mouse and video display are served. A secure encrypted file share is provided for working documents. Personal email, ‘sync and share’ (e.g. Dropbox), social media and clipboard transfers (cut/paste) are blocked.
From the virtual desktop, our staff connects to the agency EMR system. This connection can take one of many forms. Fazzi can support all major secure connections including Citrix, HTTPS/SSL, RDP and site-to-site tunnels. In this way, PHI is protected throughout its lifecycle in the Fazzi infrastructure and business process.