Security and Health Insurance Portability and Accountability Act (HIPAA) Compliance Statement
Employers need to be increasingly vigilant to ensure compliance with existing and pending federal regulations for protecting confidential employee data. Compliance concerns extend to vendors who must have processes in place to ensure secure data transfer and proper encryption methods for protecting confidentiality and preventing disclosure.
It is SBF Communications' policy to comply with all rules and regulations regarding protection of confidential data including Protected Health Information (PHI). We will use the information that we are granted access to only for the purposes for which we have been contracted.
- We will safeguard the information from misuse.
- We delete all confidential employee data from our systems seven days after producing your final total compensation statements.
- Access to electronic data is restricted by password to only those employees who have a need to know. Servers and data storage units are kept in a secured computer room with limited access. Data is received and forwarded via automated, electronic processes that require no direct human intervention. PHI is accessed or viewed only when required to provide further client support.
- To ensure that data is not compromised during either the upload or the download of a file, we use the Secure Sockets Layer (SSL) protocol. To protect data integrity during file transfer, online payments, and user registration, we use industry-standard, 256-bit SSL encryption deployed using Class 3 certificates.
- No printed reports or paper copies are ever retained in our facility. If reports are ever printed to further support our client, they are shredded immediately upon completion of the task that required the paper output.
- We use Zixmail, a secure messaging portal with encryption services and password protection, to deliver protected information via email.
- For large file transfers we use both Zixmail for secure messaging and DropBox.com for file transfer services. Files transferred through DropBox remain on their secure servers, available for download, for up to 14 days.
SBF Communications will:
- Comply with the rules and regulations concerning the privacy and security of PHI under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
- Not use or disclose any PHI except in the course of meeting our contractual obligations or as required by law.
- Protect against any non-permitted use or disclosure of PHI using no less than a reasonable amount of care.
- Report any non-compliance of which we become aware.
- Upon reasonable notice and during normal business hours, allow the Secretary of the United States Department of Health and Human Services the right to audit our records and practices related to the use and disclosure of PHI to ensure compliance.