When it comes to data, we leave no stone unturned in ensuring its security. Red Road is HIPAA and GDPR compliant. We are also SOC2 Type 1 Certified and in the process of getting the SOC2 Type 2 Certification.
Based on the above Data Security requirements, the following are some of the best practice controls that Red Road adheres to:
- Employees access Protected Health Information (PHI) only over encrypted connections. High-security firewalls restrict the movement of information.
- Encryption of stored data and data in transit, with laptops and desktops encrypted as well as emails containing PHI/PII. Endpoints are protected with anti-virus technology.
- Restricted access to Internet, limited to job function. A separate network available on separate computers for Internet access unrelated to job function.
- Restricted access to email. No email is allowed to go out to any domain unless it is the customer's domain or is on the whitelist of approved domains.
- Protection against viruses and malware.
- Each managed network perimeter is monitored for unauthorized access. Incident Response procedures are in place to monitor for, and act on, significant security events.
- Segregation of the production floor to create a separate “Protected Zone” called the “PHI/PII Zone” with additional physical and technical controls including no smartphones or recording devices allowed in the Zone.
- A Security Guard deployed outside the entry gate of the PHI Zone.
- Secured area with badge access. Each employee given an access card with defined and controlled access limited to their job function.
- Access to the PHI Zone is controlled/restricted through access cards given to each employee.
- Video recording of each employee in the PHI/PII Zone as well as recording of each employee’s desktop.
- The entire facility is monitored in real time by a security guard 24/7/365. Should an incident occur (e.g. tail-gating through a badged access point), the security guard sends video proof to the compliance officer for appropriate action. Recordings are stored at a different location for future reference.
- Complex passwords are mandated for each user's login ID. Regular password changes are also enforced.
- No employees with access to PHI/PII allowed to work from home unless the client directs this to be done.
- Regular security awareness and job-specific HIPAA privacy and security training programs are given to employees.
- A dedicated on-site HIPAA compliance officer.
- All employees trained in HIPAA compliance, privacy and security upon hire.
- HIPAA compliance, privacy and security posters are found throughout all locations.
- A sanction policy in place at all locations for any HIPAA-related violations or violations of the Company policies.
- Background checks completed for all new employees.
- New employees are given access privileges depending on the work that they are assigned to.
- All new employees receive privacy and confidentiality training and sign a confidentiality agreement.
- Regular audits of the HIPAA compliance program are performed, and corrective action plans are formulated to address any compliance violation observed.
Please reach out to us at firstname.lastname@example.org if you would like to learn more about our data security protocols.