In a world defined by seamless connectivity and digital advancement, safeguarding electronic Protected Health Information (ePHI) stands as a paramount responsibility, especially within the realm of healthcare. As technology intertwines with the sanctity of personal health data, the stakes are high and demand a robust defense system.
At Terra, we’re strongly committed to the protection of the data that our clients entrust us to translate. To help us achieve our privacy goals, we partner with Total HIPAA and continuously take steps in the various aspects that pertain to our business operations. This helps us ensure that our processes are always compliant with HIPAA’s Security and Privacy Rules. Let’s take a closer look at the three layers of our defense system.
Layer # 1: IT Infrastructure
Our IT Department understands cybersecurity is crucial to protect ePHI and considers it a top priority. Because of this, this department takes the following actions to ensure adequate protection of this information:
All devices owned by Terra are administered and monitored through Microsoft Azure tools, which includes watching for potential threats as well as tracking local user activity. Additionally, all of our connections are SSL (Secure Sockets Layer) encrypted, and we are currently working on expanding our corporate VPN to all users for additional security. As a bonus, any activity logs generated by these tools can be analyzed on demand.
Software and hardware monitoring
Through Microsoft Intune, we continuously monitor both software and hardware and handle the configuration and subsequent deployment of proprietary security policies. In order to provide maximum security to our clients, Terra hosts all information on our own secure on-premises server in Milwaukee, Wisconsin. This ensures that the information stays within our secure environments, giving us more control over how it is managed.
To help enhance security, Terra utilizes Microsoft Defender for Endpoint to ensure security through MFA for all Active Directory users. Our team also has limited access to protected health information. They can only view what is necessary and individual access to ePHI is constantly logged. Additionally, all our devices containing protected health information are encrypted and have strong password protection. We frequently update these passwords to maintain their strength.
When it comes to our internal and external communication, as well as the sharing and management of files, knowledge bases, and content in general, we use Office 365 Suite for seamless collaboration across the organization.
Layer # 2: Our Team
Having a team of people behind the IT infrastructure who know how to use the tools is just as important, if not more so. Here’s how we make sure our team has the tools, resources and knowledge to remain compliant:
All team members with access to protected health information, from leaders to project managers, are trained on the HIPAA-compliant procedures and processes in place so they can handle ePHI securely from initial reception to final client delivery. This includes HIPAA concepts, standards, and security and privacy measures. Every member who passes all the courses also receives an official certification from Total HIPAA and is required to sign a confidentiality agreement that protects patient privacy. We promote and encourage a culture of compliance. Because of this, every year, our team participates in additional training.
Documents that contain ePHI and require translation services are carefully assigned to linguists who are both experts in the healthcare field and trained in HIPAA compliance. To evaluate their knowledge, we created an internal test that they must pass to demonstrate their ability to handle the documents with the utmost care. These linguists are not able to download the ePHI to their own devices and always work within secure environments.
Layer # 3: Our Privacy Officer
Having the right team in place makes all the difference. Our Privacy Officer, Matías Giannoni, oversees the development, implementation, maintenance and adherence to the procedure regarding the safe handling of ePHI in compliance with HIPAA regulations. Matías acts as a liaison to the IT Department to ensure privacy and security practices are implemented. He guides the training of our team, addresses any concerns individuals may have, and promptly analyzes whether action should be taken.
A Commitment to Risk Assessment, Mitigation and Continuous Improvement
Maintaining confidentiality, document control, and client trust are vital to Terra. This commitment is illustrated by the entire Terra team executing risk assessments on a yearly basis under the most stringent guidelines and practices to preserve the security of all private information entrusted to us.
Our journey towards maintaining privacy is always evolving as HIPAA regulations are subject to change. As a result, we continuously improve our policies and procedures to stay up to date.