BAS takes great strides to protect its clients’ electronic protected health information. Specifically,
1. BAS has a HIPAA business associate agreement in place with its clients. This BAA addresses protection of electronic protected health information.
2. BAS enters into an Electronic Data Trading Partner Agreement with partners to whom BAS provides electronic PHI. This document requires both parties to recognize the importance of maintaining security and privacy of the shared information.
3. BAS provides two industry-standard secure file trading mechanisms. The first method allows an organization to upload files through BAS’ SFTP site. This encrypts the file during movement from the originator’s system to the BAS system, and also contains fully-encrypted disk for files residing on the server. The second method allows the organization to upload via https into MyEnroll.com against the client’s account.
4. Data uploaded to MyEnroll.com from either the SFTP server or from a direct feed resides on fully encrypted disk.
These security protocols which are part of standard BAS operations sets it a step above other organizations with regard to data privacy and security.
