Health Care Data Security – 10-Point Checklist

When choosing a partner for healthcare exclusion screening and monitoring or credentialing verification services, it is important to compare all healthcare credentialing partners against these top 10 data security measurements to protect your organization from financial loss, regulatory and reputational damage through non-compliance.

With Verisys, you can put your worries at ease knowing that your organization will be protected. We believe investing in  data security is the right thing to do in the industry and the correct way to partner with our customers. This is how we stack up in regards to security:

1. PERSONALLY IDENTIFIABLE INFORMATION (PII)

Verisys uses the strongest, industry standard encryption and we offer our customers an additional layer of PGP encryption. PGP is used for signing, encrypting, and decrypting texts, emails and attachments to increase the security of email communications.

Verisys collects PII over a secure website to ensure secure transactions for our partners. Verisys uses Transport Layer Security, the predecessor of Secure Socket Layer (SSL). The connection is private (or secure) because symmetric cryptography is used to encrypt the data transmitted. Verisys secures PII from external threats using firewalls, IDS, SFTP and TLS-protected APIs.

Verisys maintains PII using employees highly trained in regulations and industry best practices around PII, which demands stringent security and management practices. Verisys has been in the industry of handling highly sensitive information for over twenty years.

2. PROTECTING CUSTOMER DATA

Verisys has the awareness and security in place to combat physical, human and organizational threats internally and externally.

Physical Building Security (key cards and disabled ports, to name a few)

Confidentiality Agreements are signed bi-annually and employees are trained in challenges for human security engineering.

Verisys meets stringent organizational compliance that are certified by NCQA and URAC accredited.

3. MAINTAINING A SECURED NETWORK ENVIRONMENT

Verisys’ website preserves privacy and confidentiality by ensuring data transactions occur over a network with Transport Layer Security, to provide an encrypted link between web server and browser.

Verisys ensures network sites are secure using several layers of user authentication and authorization.

Verisys implements secure firewalls to effectively manage communication between computer networks and hosts.

4. INVESTING IN IDS

Verisys has modernized its threat detection and responses to neutralize threats quickly using the industry’s leading IDS provider.

Verisys has invested in an industry leading SIEM and Intrusion Detection Systems (IDS). This solution allows us to effectively detect and quickly neutralize potential threats.

Verisys uses IDS to leverage advanced intelligence and heuristics technology to detect suspicious patterns of activity and alert the security team.

When an intrusion detection occurs, the Verisys security officer investigates the alert and tailors a response to address the threat. Our security response team is mobilized to contain and remediate any threat.

5. DEDICATED SECURITY OFFICER ON STAFF

Verisys has a dedicated, credentialed security officer who works round-the-clock to oversee our data and systems security. Qualifications include:

Certified Information Systems Security Professional (CISSP)

GIAC Information Security Professional (GISP)

Wireshark Certified Network Analyst (WCNA)

AWS CSAA

Our security officer works closely with our privacy officer and compliance officer to keep abreast of new security changes and needs in the marketplace and healthcare industry.

6. DATA STORAGE IN A SECURED FACILITY

Verisys data products only reside in data centers that meet strict security requirements and guarantee Tier 3 – 99.982% availability:

• • Natural disaster resilience
  • Redundant infrastructure
  • 24×7 monitoring
  • Dual-factor authentication
  • Regular auditing in accordance with national or international standards (SOC2 and ISO27001)

7. BUSINESS CONTINUITY PLAN

Verisys has a Business Continuity Plan, a Disaster Recovery Plan and a Pandemic Business Continuity Plan. If an adverse event occurs, Verisys has documented continuity plans that are regularly reviewed and updated for accuracy and applicability. These plans ensure that Verisys can maintain business operations and meet customer commitments.

8. SOFTWARE DEVELOPMENT LIFE CYCLE (SDLC) STRATEGY

Verisys, as a Credentials Verification Organization (CVO) undergoes auditing for URAC accreditation, which includes information security for mandatory core standards.

Verisys, as a CVO, is fully audited by the NCQA, which evaluates operations and processes to continuously improve credentialing verification services. Our Verisys data security team works alongside software engineers and product owners to pass security measures that meet accreditation requirements for NCQA and URAC.

9. REVIEW OF SECURITY POLICIES AND PROCEDURES

Verisys reviews their policies and procedures annually and anytime their is a change in a process, for example:

• Iterations
• Reviews that require approval from department leads, SMEs and CEOs
• Changes to regulatory and security compliance requirements

10. THIRD PARTY SECURITY PRACTICE EVALUATIONS

For Verisys to pass Fortune 500 evaluations and assessments, we must meet the highest standards of data security. We are frequently evaluated by our largest, Fortune 500 customers and we continuously pass the most stringent assessments.

Verisys thoughtfully builds solutions that go above and beyond meeting the minimal standards for data security because we are ethically engineered to make the right choices in the healthcare industry and marketplace.

Learn more about how Verisys can assist your HCOs in meeting all government and regulatory standards.