Privacy and Security Commitment
At Comstar Ambulance Billing Service (Comstar), the privacy and security of client information is treated with the utmost importance. Recognizing the critical nature of safeguarding sensitive data, especially in the healthcare sector, efforts have been made to align security practices with industry standards, including HIPAA, ISO 27001, NIST 800-171, and NIST 800-53. These standards guide the implementation of security measures designed to protect the confidentiality, integrity, and availability of the data entrusted to Comstar.
Security Practices
Data Encryption and Protection:
Sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols. This approach ensures that data remains secure and unreadable, even if intercepted during transmission.
Access Controls:
Access to Comstar’s resources is strictly controlled, with only authorized personnel granted access. This access is restricted to the information necessary for job functions. Multi-factor authentication (MFA), role-based access controls (RBAC), and regular audits are employed to ensure compliance with access policies.
Secure Systems and Infrastructure:
Secure, approved systems are utilized, designed with security in mind. These systems are regularly updated and patched to defend against emerging threats. The infrastructure is protected by advanced firewalls, intrusion prevention systems (IPS), and continuous monitoring, which are in place to detect and respond to any suspicious activity.
Regular Security and Privacy Training:
Comstar employees undergo regular, mandatory security and privacy training. This training is tailored to address the latest threats and regulatory requirements, ensuring that the team remains informed about best practices in data protection.
Incident Response and Recovery:
A detailed incident response plan has been established to manage security incidents effectively. This plan includes protocols for containing and mitigating incidents, as well as procedures for recovery. Drill(s) and tabletop exercise(s) are conducted to ensure preparedness in handling potential security breaches.
Compliance and Auditing:
Security practices are regularly audited by third-party assessors to ensure alignment with HIPAA, ISO 27001, NIST 800-171, and NIST 800-53 standards. Continuous efforts are made to achieve critical components of these standards and to improve the overall security posture.
By choosing Comstar, confidence can be placed in the commitment to upholding high standards of privacy and security. Continuous efforts are made to improve practices and ensure that information is always handled with care and protected by robust security measures.