Security & Media Controls

Securing and protecting sensitive information goes hand-in-hand with the pursuit of best practices at Bland & Associates, P.C. Our firm invests in state-of-the-art technology and platforms that combine government-compliant security with user-friendly features.

As a contractor for the Centers for Medicare & Medicaid Services (CMS), we train personnel on Health Insurance Portability and Accountability Act (HIPAA) requirements. All staff are required to sign a statement representing that they have read and understood the basic requirements of HIPAA and protected health information (PHI). While we have always taken our role as confidential client advisors seriously, our work in the healthcare industry adds another layer of professional discretion that serves CMS and programs under its supervision. Violators of security procedures are subject to discipline up to and including termination.

In particular, all Health Plan Management System (HPMS) users go through CMS information security training during their annual recertification. All CMS-related working papers are stored electronically in software called Caseware Working Papers. Paper documentation received from our clients is scanned, saved electronically if pertinent to our file, and immediately shredded once it is no longer useful to the engagement. Caseware Working Papers are securely retained as required by professional standards, the client, federal agencies, or the law, whichever dictates the greatest amount of time.

All Bland & Associates employees must adhere to the firm’s electronic document retention policy, which applies to all electronic mail, voicemail, or other forms of electronic communication. Records are retained in a secure manner if they have ongoing legal, compliance, business, operational, or historical value. Once records are no longer needed, the policy outlines the process for purging them from files.

In order to mitigate information security risks, Bland & Associates has developed and implemented the following secure data exchange and communication technology protocols governing both physical and system security. In addition, we have an information technology disaster recovery plan. Managing your risk is our concern.

Physical Access Controls:

  • Office security camera monitoring 24/7
  • Staffed reception and escort protocols for guests
  • Authorized, 5-digit office entry codes assigned to each employee with tracked usage
  • Locked cabinets and locked senior staff offices
  • Password-protected network and laptops with required password changes and disk encryption
  • Multi-media shredding services and bonded agency (laptop retirement)

Media Controls/Network Controls:

  • Climate-controlled, hazard-free data, media, and server storage
  • Power surge protection
  • Electronic media storage protections from dust, moisture, or extreme temperature
  • Access to server/media room by authorized personnel only
  • Secure logon authorization and monitored user access to server
  • Updated firewall and anti-virus software
  • Secure web portal with encryption for safe access, permissions, and data exchange compliant with the following standards and designations:
    • HIPAA
    • FedRAMP(SM)
    • SOC 1/SSAE 16/ISAE 3402
    • DIACAP and FISMA
    • SOC 2
    • ITAR
    • SOC 3
    • FIPS 140-2
    • PCI DSS Level 1
    • CSA
    • ISO 27001
    • MPAA
