Securing and protecting sensitive information goes hand-in-hand with the pursuit of best practices at Bland & Associates, P.C. Our firm invests in state-of-the-art technology and platforms that combine government-compliant security with user-friendly features.
As a contractor for the Centers for Medicare & Medicaid Services (CMS), we train personnel on Health Information Portability and Accountability Act (HIPAA) requirements. All staff are required to sign a statement representing that they have read and understood the basic requirements of HIPAA and protected health information (PHI). While we have always taken our role as confidential client advisors seriously, our work in the healthcare industry adds another layer of professional discretion that serves CMS and programs under its supervision. Violators of security procedures are subject to discipline up to and including termination.
In particular, all Health Plan Management System (HPMS) users go through CMS information security training during their annual recertification. All CMS-related working papers are stored electronically in software called Caseware Working Papers. Paper documentation received from our clients is scanned, saved electronically if pertinent to our file, and immediately shredded once it is no longer useful to the engagement. Caseware Working Papers are securely retained as required by professional standards, the client, federal agencies, or the law, whichever dictates the greatest amount of time.
Bland & Associates employees all must adhere to the firm’s electronic document retention policy, which applies to all electronic mail, voicemail, or other forms of electronic communication. Records are retained in a secure manner if they have ongoing legal, compliance, business, operational, or historical value. At such time as they are no longer needed, the policy outlines the process for purging electronic records from files.
In order to mitigate information security risks, Bland & Associates has developed and implemented the following secure data exchange and communication technology protocols governing both physical and system security. In addition, we have an information technology disaster recovery plan. Managing your risk is our concern.
Physical Access Controls:
Media Controls/ Network Controls: