The HIPAA Security Rule Requires Physical Safeguards

Posted by BAS - 05 June, 2014

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity.  To ensure the confidentiality, integrity, and security of electronic protected health information (PHI), the Security Rule requires appropriate administrative, physical, and technical safeguards.

Many HIPAA breaches result from stolen devices, including laptops, mobile phones, and flash drives. As such, physical safeguards are an important part of any data privacy and security effort.  These include physical measures, policies, and procedures to protect electronic information systems and related buildings and equipment.

Benefit Allocation Systems, Inc. takes its responsibility towards client information very seriously.  BAS has implemented the following physical safeguards, as well as others, to ensure that this information remains protected:

  • An access card is required to enter BAS offices.  Additionally, all visitors must register and be accompanied by a BAS employee during their visit.  Within BAS offices, all file rooms are locked and are only accessible to authorized personnel. 
  • BAS’ data centers have high-grade security with surveillance and on-site security personnel.
  • As per BAS policy, information cannot leave BAS computers via flash drives.  This prevents employees from removing sensitive information from the secure system.   
  • BAS has a standard practice of shredding paper containing PHI or sensitive information.  Paper with PHI that must be retained is kept secure. 
  • All employees are trained on HIPAA privacy and security so that they can properly protect their work areas.  For example, employees leave all printed materials containing PHI face down on their desks, lock their computers when away from their desks, and remove materials with PHI from their desks when they leave for the day. 
  • Facility sweeps occur daily.  During these sweeps, a BAS employee canvasses BAS facilities to make sure that there is no sensitive information in plain view. 

These physical safeguards are among the many security measures that BAS takes to protect sensitive client information.

