TSI is fully HIPAA compliant — an imperative for debt collection security.
In the field of collections, where patient accounts are transmitted electronically, third-party vendors must comply with a number of regulations in order to ensure cyber security and protect critical client data. This article, the first in a series of five on important security controls and the state of information security within the collection industry, looks closely at HIPAA regulations and the steps TSI has taken to ensure that all critical information, and the underlying infrastructure that supports it, is secure.
HIPAA and Cyber Security for Collection Agencies
The requirements for the Health Insurance Portability and Accountability Act of 1996 (HIPAA) include three key Security Rules that providers must address in order to comply with the law. These rules were designed to provide cyber security in areas such as card payment security and to ensure the safety of confidential patient information.
Collection agencies like TSI must develop technology infrastructures that ensure the safe storage and electronic transmittal of data, and develop employee protocols to match — or risk being in violation of the law.
Specifically, there are three key regulations that must be addressed as part of HIPAA compliance:
- Administrative Safeguards take up more than half of the HIPAA Security guidelines. These rules require policies and procedures to maintain electronic health information and to train employees in how to protect it. The policies encompass risk analysis, risk management, a policy for non-compliance, and information system security protocols.
- Physical Safeguards govern the cyber security infrastructure and the transmittal of data through the cloud, along with data storage. This rule also covers the policies and procedures that govern electronic information systems and the physical protection of facilities from intrusion and theft, as well as business continuity and cyber security in the event of a natural disaster. Facility access controls, contingency planning, validation procedures, and maintenance are all covered under this rule.
- Technical Safeguards are increasingly important to cyber security, and HIPAA recognizes that technical advances in healthcare make this a moving target. Therefore, the HIPAA Technical Safeguards are “based on the fundamental concepts of flexibility, scalability and technology neutrality.” Within this neutrality comes the responsibility to set user access rules for programs, files, infrastructures, and applications. Encrypting files both at rest (in storage) and in transit to and from the internet is a requirement under this rule. Establishing emergency access protocols that can mitigate a data breach, creating unique user identification, and implementing an automatic logoff procedure are also required.
TSI not only complies with all three of these rules; our firm exceeds them:
- TSI complies with the Federal Information Security Management Act and the National Institute of Standards & Technology security controls.
- Payments and transactions are secured through PCI DSS 3.2 controls in a secure ecosystem.
- TSI is a certified SSAE 16 SOC 1 Type 2 service provider.
Our entire security framework is based on ISO 27001:2013 standards in a single controlled infrastructure that is monitored and managed at the highest security levels.
Cyber security for collection agencies is part of HIPAA compliance.
Debt Collection Security and HIPAA
Any cyber security expert will tell you that IT security is a moving target. At TSI, we regularly audit our cyber security strategies for continued compliance with HIPAA and other regulatory requirements. Because collection agencies typically work across a variety of industries, it is important to regularly review local, state, and federal guidelines, as well as to keep IT systems secure from new and emerging threats.
Ensuring HIPAA compliance in any operation that handles confidential client data is an imperative for any third-party vendor. TSI is proud of our commitment to compliance with all applicable regulations, including credit card payment security standards and HIPAA, as well as other applicable laws. It is our philosophy that the protection of critical client data is not only a legal mandate – it is simply the best way to conduct business in an uncertain world.