Data - Compliance & Security
With today’s extreme connectivity, it’s more difficult than ever to keep Protected Health Information (PHI) and Personally Identifiable Information (PII) private. How can you be sure your sensitive data is safe when it leaves your system for printing?
At BFC, we have created procedures and protocols to ensure our healthcare and insurance clients’ information is safe. Our new security agenda applies to all types of electronic data—design files, PHI data files, PII mailing data files, e-mail files, and software program files.
With this goal in mind, BFC became HIPAA compliant in 2007. All BFC employees are trained in handling HIPAA-related materials and, after completing that training, must sign a confidentiality agreement.
Preparing for client data: “At BFC, we have implemented extensive procedures to keep all electronic and printed data secured and in a controlled environment at all times,” states Becky Johnson, Quality Manager, BFC. This begins before any PHI or PII data enter the BFC system: files are transferred only through secure FTP sites and servers, and are encrypted with Pretty Good Privacy (PGP), so an intercepted file cannot be read without the corresponding key. The client and the authorized BFC associate each need a key to access the file, and once the file has been retrieved a separate password is required to actually open it. That password is held by only one person within BFC’s IT Department. While a job is in process, all workstation monitors lock to a screensaver or timeout screen after a period of inactivity, reducing the possibility of an unauthorized employee viewing sensitive data.
Protection on BFC servers: Once the sensitive information is placed on the BFC servers, it is backed up in PGP-encrypted form. Tests are regularly performed to ensure the integrity of backups, and the site is constantly monitored for breaches and suspicious activity. Encryption and firewalls restrict access to the servers so that only authorized users can reach the files or know they are there.
Privacy during printing: BFC has printers in a controlled environment designated for HIPAA files only. Even scrap printed pieces containing PHI are promptly destroyed in an enclosed, locked shredder. Once pieces are printed, they are placed in secured containers until the next stage of production. Pieces prepared for mailing are kept in a locked cage, accessible only by pass code, until they are transported to the post office. After printing, all files are returned to the client.
Preparing for the “what ifs”: BFC can control just about everything except the weather. In the event of a tornado, flood or severe power outage, we have contingency and disaster recovery plans in place, and within 48 hours BFC can be up and running at a secured, remote location.
Facility security: BFC prides itself on a safe and secure working environment. All employees must use pass cards to enter the building. Visitors and contractors are escorted at all times and must sign confidentiality agreements if they will come into proximity with PHI or PII.
Employee integrity: An extensive background check is performed on every candidate before hire and repeated after hire. When an employee leaves BFC, their access to all programs and files is revoked.
Looking ahead: To keep best practices a priority, BFC will soon be ISO 9001 certified. Johnson concludes, “We want to ensure that the needs and expectations of our customers are always met.”