ECS handles millions of medical records containing PHI for many of the largest health organizations in the world. ECS has established the most stringent security measures in the industry to comply with all HIPAA regulations.
ECS’ processes and policies have been reviewed by our customers as well as outside security firms, ensuring HIPAA compliance. As a Business Associate, ECS has actionable written policies and documentation of security policies that are a part of the ECS culture.
- Role-based access controls implemented on all applications and shared drives
- Routine auditing and monitoring of network, systems, and applications
- PHI in transit and at rest is 128-bit encrypted and password protected
- All data resides in our SSAE 16 Type II certified data center
- Physical access to the building and specific secure areas controlled via timed key fob and badge access
- Onsite shredding and hard drive destruction performed routinely
- ECS’ HIPAA-HITECH Business Associate policy addresses requirements for HIPAA compliance and compliance with state security breach notification laws
- HIPAA Training/Testing for all new employees and yearly for existing employees
- Business Continuity and Disaster Recovery Plan detailing procedures and response