CHIS, Inc. initiated a risk assessment evaluation of doing business within the confines of compliancy and to proactively be involved in the process. Attention was given to security of systems both remote and local of both physical and electronic. Evaluation of our needs for training and workforce security was also assessed as well as other parts for HIPAA compliance with HITECH. CHIS, Inc. last completed this assessment on December 20, 2011.
Currency of Policies and Procedures
CHIS, Inc. has gone through and reviewed all internal policies and procedures pertaining to HIPAA and HITECH compliance. Changes and additions were made that strengthens our commitment to compliancy. Last completion of edits and additions to policies and procedures was completed on December 19, 2013.
CHIS, Inc. has completed training for staff in HIPAA security and provides continuous security training for its workforce. The designated Security Officer completed CHSS (Certified HIPAA Security Specialist) certification on January 28, 2010 and CHP (Certified HIPAA Professional) certification on March 9, 2010.
CHIS, Inc. has in place security procedures for clearing access for its workforce and the business vendors it utilizes. Workforce access clearance is done through background checks and authorization from the appropriate persons. Implementation of the new procedures and policy was last completed on February 10, 2010.
CHIS, Inc. has implemented workstation security across the business by adding centrally managed Anti Virus and Intrusion detection and protection. We have implemented new policies and procedures for remote workstation security through the use of secure transport mechanisms like high encryption VPN connections. Workstation security implementations were last completed on February 5, 2010.
Encryption security has been enhanced with the use of high encryption capable hardware on our edge network. Secure connections to client sites are using high grade AES 128 bit encryption or above. VPN Client connections to remote client systems follow the same high encryption policy. Encryption is used for the storage of secure data. Encryption compliance implementation was last completed on February 10, 2010.