Dependent Eligibility Audit
Security Information
At ContinuousHealth, we understand the importance of document security and are sensitive to employees who are concerned that their personal information may fall into the wrong hands. In addition to our extensive physical, administrative and technology safeguards (see Q& A below), we encourage employees to "black out" sensitive information (account numbers, SSNs, place of birth, etc.) on their documents. If our adjudicators need additional information, we will contact the employee.
Describe the process for imaging and retaining all the verification documentation in digital format.
Once a document is received, it is logged, imaged and all of the relevant data elements from the document are entered into our secured audit application system. A data entry validation process is in place to ensure high levels of accuracy. A small group of "cleared" personnel is responsible for scanning the documents.
Describe your process for securing hard copy documents.
All documentation is kept in dual keyed, secure storage facilities. Access to the keys is limited to management personnel and requires supervision to open. Removal and return of all documents are logged. All logs are reconciled at the end of each business day. In addition, our policy is that that all documents must remain in the physical presence of the employee who has checked out the document. Data entry occurs in a clean room facility to minimize the risk of unauthorized data access. Access to the data entry room is restricted to authorized personnel wearing appropriate ID badges. All data entry user systems are specifically designed to not have floppy, USB, or other removable storage media. Cell phones, cameras and other electronics are prohibited from being brought into the data entry facility. Physical paper, while allowed in the data entry facility, may not be removed and is destroyed once used.
Describe how you plan to store and retrieve employee data including back-ups.
All data is stored in a network attached storage cluster in our secure data center. The data center is SAS 70 certified. ContinuousHealth operates as a HIPAA covered entity in support of our Benefits Administration businesses and, as such, has documented procedures for physical safeguards, administrative safeguards and information security safeguards in compliance with HIPAA best practices. Information is secured in RAID 5 configurations as well as backed up to separate devices nightly.
How long are hard copy documents retained? How are they destroyed?
Hardcopy documents are retained through the conclusion of the Appeal Phase. This is usually no longer than 45 days after the conclusion of the audit. Physical documents are then destroyed through a bonded document destruction process.
|
