You don’t have to go far to see, hear about, or worse, experience some form of cyber/technology security breach. It’s a frightening prospect, and a breach can escalate quickly, affecting thousands if measures and protocols are not put in place for both proactive and reactive protection.
Of course, one that hits close to home is the attack on another pharmacy partner. This ransomware attack affected over 1.6 patients nationwide and the actions to remedy this are still ongoing.
Nuvem feels that it is imperative to educate Covered Entities on the importance of instituting the highest level of data security, and to review what your organizations should be implementing and what we here at Nuvem do to go a step further. You should expect nothing less from your current TPA.
What is Data Integrity?
- Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner.
- Trustworthiness of information over its entire life cycle.
- Data reflects the “what” from beginning to end.
- From onset (encounter, visit, admission) to primary and secondary uses of the same data.
- As data structure might change, the data continues to reflect the what.
- Uniform, trustworthy, complete, unchanged meaning, secure.
Nuvem adopts the highest security and privacy protocols to protect health information and the data of our customers. Security is EXTREMELY important to Nuvem. We are SOC 2 certified and perform an annual HIPAA Assessment and Penetration Test. For access to any of Nuvem’s technology solutions, we provide all covered entities and pharmacies with an individual login and password to our software solutions. Usernames and passwords are created according to HIPAA protocols.
Processes, Policies and Procedures
Formal policies and procedures exist that describe logical access, information security, user data confidentiality, risk management, disaster recovery, and change management. All Nuvem personnel adhere to the policies and procedures that define how services should be delivered. It is an employee policy that we take incredibly seriously and actively test.
Nuvem is committed to protecting the ePHI of its clients and expects all its employees to demonstrate a similar commitment. We recognize that compliance with the HIPAA Security Rule is not a one-time event but rather a continuous process. We encrypt data both in transit and at rest as required by both HIPAA and HITRUST protocols. For encryption between the front-end application and the end user, we use an SSL certificate from an authorized CA.
Anti-Virus & Intrusion Detection
Nuvem protects its systems against infection by computer viruses, malicious code, and unauthorized software by implementing antivirus software. Antivirus software is typically installed on servers, workstations, and laptops to detect and prevent the transmission of data or files that contain certain virus signatures recognized by the antivirus software.
Virus signatures/definitions are automatically updated and the antivirus solution is configured for live protection and real-time scanning. We maintain control of our protection by restricting the ability to administer the antivirus solution to authorized personnel only.
An Intrusion Detection System (IDS) solution is deployed to automatically detect threats and suspicious network activity. The IDS is configured to report on any intrusions identified by the firewall. The ability to administer the firewall is also restricted to authorized personnel.
We understand that this is not only a frightening topic but also one that can be overwhelming. Even so, your organization needs to consider it and scrutinize your current provider’s policies and security tools. We are happy to set up a call or meeting to dive even deeper into this topic.