Privacy + Security you can count on

 

BMI guarantees your security is of utmost importance. See below how we keep your information safe.

 
 

BMI takes the utmost care of your employees’ information.

 

 

BMI Audit Services is dedicated to protecting the privacy and security of your Protected Health Information (PHI) and Personally Identifiable Information (PII). We have a number of internal and external policies and practices in place to help safeguard this sensitive data.

We keep your oral, written, and electronic PHI/PII safe using physical, electronic, and procedural means in addition to our extensive insurance coverage. Additionally, BMI is a certified SOC2 service organization as defined by the AICPA (aicpa.org/soc). The certification is widely recognized as the worldwide standard for secure and confidential information handling.




Physical Security

BMI is located at a facility that maintains restricted off-hours access. Additionally, the offices of BMI are protected by a 24/7 security and alarm system maintained by a leading provider for security monitoring services.

Access to the BMI offices is controlled electronically through a keypad access system; only authorized BMI personnel have accounts to gain entry.

Our computer and phone equipment are secured in a locked and restricted area.

BMI utilizes a leading provider for secure Document Shredding: any physical printouts containing PHI/PII data are either destroyed using this service or stored securely on-site.


Procedural Safeguards

Only authorized BMI personnel have accounts to gain access to our servers. A strong, complex password policy is employed by our server software.

Business Associate Agreements are required between contracting parties when any PHI/PII is securely exchanged. 

All BMI personnel undergo an extensive background check prior to employment.

Ongoing training is provided on privacy and security issues that arise in a fast-changing external data security environment.

Extensive Insurance Coverage: Cyber liability insurance coverage including errors and omissions, data privacy and network security liability, internet and electronic media liability, professional services liability, business interruption, cyber extortion, data and identity theft, intellectual property, and expenses related to responding to a privacy event.

 

Information Technology Safeguards

All PHI/PII data is stored on our central servers, and raw data files are encrypted using AES-256 encryption technology. In addition, laptop computers utilized by BMI personnel are password-protected at the hard drive level; any data residing on a laptop’s hard drive cannot be accessed without the appropriate password, even if that hard drive is placed in a different computer.

Backups are performed on a 24/7 basis. Data that is backed up is first encrypted using AES encryption technology and then delivered to a remote location electronically for Business Continuity purposes.

Resources are protected through the use of the latest software products that identify and authenticate users and validate access requirements in access control lists. Users are granted access on the basis of the minimum level required to perform assigned job responsibilities.

Remote access to the BMI network and servers is controlled using state-of-the-art firewall and SSL networking technology.