What disaster recovery and business continuity systems are in place?
SDS has a full disaster recovery and business continuity plan in place to effectively react to loss of electrical, loss of network, loss of physical computing facility, loss of employee, and loss of keying facility. The goal of SDS is to restore business continuity within 48 hours of an outage or disaster. SDS maintains a parallel computing infrastructure. Each facility is capable of supporting SDS production. SDS contingency business partners already work some SDS jobs and have high production potential. SDS tests this plan annually.
How does Smart Data Solutions and Smart Data Stream stay current with federal regulations?
We continually monitor the regulatory environment to understand the full scope of our compliance responsibilities. When changes are made, we respond well in advance, and test all changes to make sure we remain in compliance.
Smart Data adheres to all HIPAA mandates. All employees are trained on the privacy and security aspects involved with HIPAA and Smart Data has taken precautions to make sure we are HIPAA compliant. Our data centers are highly secure, and our scanning centers have multiple security points prior to access. Our log in requires double user name password along with IP address restrictions.
We are very serious about maintaining compliance with HIPAA security requirements. Specifically, we are SOC 2 type two certified and recently completed an extensive security and penetration audit. In addition, we are an active member of both the EDI standards board and WEDI, for which we attend conferences and participate in educational forums to discuss policy updates. Our entire process is secure and adheres to all HIPAA mandates in each of our services — from the initial image upload, through the data-capture, data-scrubbing, archiving and all the way to the file return and EDI routing. All employees are trained on the privacy and security aspects involved with HIPAA.
We use the above to assess risk after which we prioritize remediation. Many security initiatives are identified internally. For example, we recently implemented password encryption within our database.