FAQs
How does Data Dimensions ensure regulatory compliance is followed?
At Data Dimensions, we integrate security and privacy into all phases of training and ongoing, day-to-day operations. Our privacy program addresses all elements of information privacy, compliance, and preparedness in information security, electronic communications policies and procedures, computer security, user guidelines, and security awareness. This includes requirements outlined by HIPAA in relation to PHI, GLBA, PCI, Sarbanes-Oxley, and other regulatory initiatives. We monitor legislation at both the federal and state levels to ensure compliance with regulatory obligations. Appropriate physical controls are in place to provide secure access to the facility and to sensitive, controlled areas. Environmental controls for fire suppression, flood control, and HVAC are in place to protect critical systems and source data. In addition, SAS 70 Level II audits and verification are performed annually by a third party.
Is Data Dimensions HIPAA (Health Insurance Portability and Accountability Act) compliant?
Yes, Data Dimensions is 100% HIPAA compliant. HIPAA, which was enacted into law in 1996, addresses the security and privacy of health information. The Privacy Rule establishes standards for the use and disclosure of Protected Health Information (PHI). PHI is your protected health information: information about health status, provision of health care, or payment for health care that can be linked to you as a specific individual (e.g. medical records). Security safeguards for your medical records and other individually identifying health information in any form, paper or electronic, are in place at Data Dimensions. For example, employees are trained upon hire and receive ongoing training regarding privacy, confidentiality, security, and procedures; documents and information are accessed on a "need-to-know" basis; and you are allowed to assign different levels of access to records and information, as needed, to ensure HIPAA compliance and confidentiality.
What is NPI (National Provider Identifier)?
Entities using electronic communications are required under HIPAA to use the NPI. This is a national 10-digit identifier assigned to each healthcare provider. Data Dimensions has created and implemented NPI field requirements for our clients' workflow solutions, as needed.
What is GLBA (Gramm-Leach-Bliley Act)?
The Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act (GLBA) requires financial institutions to ensure the security and confidentiality of non-public personal information such as name, address, account number, payment history, etc. At Data Dimensions, we maintain administrative, technical, and physical safeguards to protect confidential information and to protect against unauthorized access to your information.
What are PCI (Payment Card Industry) Security Standards?
PCI, or Payment Card Industry, Security Standards include requirements for security management, policies, procedures, network architecture, software design, and other protective measures. These standards protect cardholder data, ensure safe handling of sensitive/private information, and combat fraud. Data Dimensions is in compliance with the PCI DSS (Data Security Standard), meeting its technical requirements for the secure storage, processing, and transmission of your data. In addition, we maintain audit and scanning procedures. At Data Dimensions, we:
- Maintain a secure network, regularly monitor and test our systems, and maintain I.T. security policies (and update, as needed).
- Protect data using SSL and data encryption for transmissions.
- Ensure compliance regarding passwords and other security parameters, such as policies and procedures regarding wireless usage, computer access, virus protection, and using remote production.
- Securely protect information, restrict access to it on a "need-to-know" basis, and dispose of it on a schedule you set.
What is SOX (Sarbanes-Oxley Act)?
SOX, also known as the Public Company Accounting Reform and Investor Protection Act of 2002, is a law that went into effect in 2002, following a series of high-profile scandals in the business world. The legislation covers standards (such as audits, corporate governance, and internal control assessment) and requires enhanced financial reporting for all U.S. public companies to ensure transparency, helping to prevent or detect fraud, conspiracy, and/or destruction of evidence. When you outsource document storage and retrieval services to Data Dimensions, we:
- Ensure only authorized individuals have access to your documents.
- Archive and retrieve your documents, saving you the hassle of misplaced, destroyed, or lost documents and saving you time in retrieval of critical business documentation.
- Streamline your business processes and provide for more transparency, where control and reporting requirements are key to your SOX compliance.
- Improve your reporting by providing reliability and transparency in your documentation of business processes and controls.
All information provided on this site is for informational purposes only and is not intended as legal advice. Please seek legal counsel for further information and/or advice regarding regulatory requirements critical to your business needs.