How do Smart Data Solutions and Smart Data Stream stay current with federal regulations?
We continually monitor the regulatory environment to understand the full scope of our compliance responsibilities. When changes are made, we respond well in advance, and test all changes to make sure we remain in compliance.
Smart Data adheres to all HIPAA mandates. All employees are trained on the privacy and security aspects involved with HIPAA and Smart Data has taken precautions to make sure we are HIPAA compliant. Our data centers are highly secure, and our scanning centers have multiple security points prior to access. Our log in requires double user name password along with IP address restrictions.
We are very serious about maintaining compliance with HIPAA security requirements. Specifically, we are SAS 70 type two certified and recently completed an extensive security and penetration audit conducted by BCBSMN. In addition, we are an active member of both the EDI standards board and WEDI, for which we attend conferences and participate in educational forums to discuss policy updates. Our entire process is secure and adheres to all HIPAA mandates in each of our services — from the initial image upload, through the data-capture, data-scrubbing, archiving and all the way to the file return and EDI routing. All employees are trained on the privacy and security aspects involved with HIPAA.
In addition, we regularly perform a wide array of internal audits as part of our ISO compliant internal QC systems. Random samples are programmatically adjustable on a per client and form basis. Typically we audit between four and five percent of the claims, and we audit 100% of the fields on the claims we audit. Keyers receive audit feedback within one to four hours. This report provides "month-to-date" totals as well as allowing for "drill downs" to view specific errors. Any errors identified are corrected pervious to batches being returned to the client.
We use the above to assess risk after which we prioritize remediation. Many security initiatives are identified internally. For example, we recently implemented password encryption within our database.