Healthentic has comprehensive information security and compliance programs centered around ensuring the privacy and security of client data while facilitating regulatory compliance with HIPAA and state privacy laws. These processes are aligned with NIST standards and best practices for information security and privacy. We validate our controls regularly and apply continuous process improvement methodologies to ensure our security and compliance controls evolve with technology and changes in the threat landscape.
Our Information Security and Compliance Programs are designed to meet the objectives of the HIPAA and other regulatory mandates while maintaining the confidentiality, integrity and availability of information across the following domains:
Delta Dental of Washington (DDWA) provides network security services for Healthentic’s servers, desktops, laptops, equipment and services hosted at DDWA. DDWA uses commercially reasonable best efforts to prevent all inbound access from the internet, except for what is deemed necessary for the use of Healthentic’s services by Healthentic, or as defined by Healthentic’s Private Network. WDE includes Healthentic’s external facing network nodes in DDWA’s regular security audits.
Our workforce is screened for qualifications, criminal history and against FACIS databases by internal investigators and external screening vendors. At a high level our background investigation process includes work history, seven year criminal background checks (ten years for sensitive roles), county criminal record cross checks for seven or ten years, national sex offender screening and FACIS screening including federal fraud and abuse exclusions and OFAC databases.
Ongoing monitoring of systems use along with policy training and enforcement help ensure that our workforce is upholding our commitments to customers to ensure the security and privacy of data entrusted to us.
Healthentic is committed to maintaining formal practices for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information (PHI).