Direct Bill began operation with security and
information privacy in mind. We understand the
complexity and commitment it takes to follow and
maintain compliance with the Health Insurance
Portability and Accountability Act of 1996. HIPAA
is a governmental standard that not only covers the confidentiality
of information, but also standardizes the exchange
methods and uses. While the patient’s healthcare
information (PHI) remains a high priority, Direct
Bill has gone beyond the regulatory guidelines
to protect not only the patient, but the facilities
that we represent in preparing information.
Direct Bill is an extension of the service provider;
however, we have developed a strategy of Fusion,
which combines both the policies and security
of clients with our own. In cases where the provider
has policies less robust than our own, Direct
Bill steps up to assist in improving the procedures
of information and security protocols. Our systems
are secure, our archives are encrypted, and our
procedures are iron-clad.
Data Exchange & Process
Direct Bill’s network security begins at
the Internet Gateway. Direct Secure is proprietary
software developed by Direct Bill which delivers
more protection for corporate networks and their
file transfers than anything else in the market.
To keep up with new security issues, Direct Bill
is aggressive in protecting our Gateway and interface
links with clients. With the release of Direct
Secure v2.5, you can rest assured that security
is at its highest level, allowing for more efficient
productivity.
Direct Secure is based on 128-bit file encryption.
To gain access to the Direct Bill processing network,
you must be granted access within our framework.
Although each customer has partial and sometimes
full access to the Direct Portal site, not all
customers have full access to files available
on our site.
Each customer is granted initial permissions to
view content and information about products and
services. However, each client must submit individual
user names and passwords for each person to have
access to the Direct Bill System. Even then, each
user must be granted special permissions to view,
upload, download, and print sections of the client
access.
Historically, we set up an administrator of the
account who will have full access to all uploads,
downloads, reports, and printing sections of the
web. The administrator can monitor their own users’
actions as well as their productivity within the
site.
The security for our clients is top priority,
and we will not break our protocols and procedures
for any reason. To ensure proper document security
for each client, Direct Bill has developed our
Security Protocol Procedure (SPP). The Security
Protocol Procedure adopted by Direct Bill covers
the following areas:
24 Hour Access Monitoring
All users are
monitored by computer systems for activity within
the system. This monitoring logs every keystroke,
each web page viewed, and all activities conducted
while in the system.
24 Hour Security Surveillance
Our facilities
are secured by state-of-the-art security
monitoring systems utilizing camera surveillance
and keypad entry.
File Deletion
After files have been
encrypted and archived for 121 days, they are
deleted, and wiped from our systems. No further
records will be kept except for confirmations
sent to clients for verification of deliveries.
File Encryption
After files have been
processed, the files are removed from the server
side to a second server which has no direct
connection to the web. There the files are encrypted
and then archived for 120 days.
Unauthorized Access
Only qualified technicians have
the ability to view or handle customer material,
and only under constant surveillance. No persons
are allowed in any portion of our production
area until all jobs have been processed, strapped,
sealed, and delivered to the United States Postal
Service.
User Level Activity Monitoring
Our activity monitoring system monitors the activity
of users 24 hours a day. If for any reason a
user logs into the network during non-working
hours specified by our network administrators,
the user will immediately lose access to the
system until the client administrator can be
contacted.
Virus Detection Network
While each client uploads data through Direct Upload, our
virus detection system scrubs the files for
viruses, worms, and any other type of macros
or scripts embedded in the uploaded file.
Waste Destruction
To ensure proper document security, we destroy all material not
used during production. Each sheet is cross
shredded and then sent to a recycling facility.
Employee Commitment
Direct Bill’s business associate commitment
goes beyond the norm. Our internal procedures
cover every aspect of day-to-day interactions.
Each and every employee has been trained and schooled
on the confidentiality of patient information
and has signed confidentiality agreements.
While educating our employees is the first step,
continuous education about HIPAA and PHI is ongoing.
On completion of seminars and HIPAA updates, employees
are required to take tests for comprehension.
Direct Bill’s commitment to the PHI can
be a benchmark for many organizations. For more
information about our HIPAA readiness or privacy
protocols, please contact us today at 1.877.494.7570.
Through highly integrated proprietary software
developed by Direct Bill, we are able to
offer a wide variety of primary & secondary
services