Privacy, Security and HIPAA Compliance
As a Business Associate to its clients, Care Management International ensures strict privacy, security, and full HIPAA compliance.
Employee Practices
All employees working with client PHI undergo training on HIPAA and sign additional employment HIPAA privacy agreements. Employees are assigned lockers as needed to deposit their personal belongings, cell phones, and all electronic media devices in order to avoid data theft.
Data Privacy
All data output devices and ports such as disk drives, USB ports and printer ports are disabled in CMI’s operating facilities. Internet connections require authorization, logs of access are maintained and passwords are refreshed. CMI is capable of using a dedicated connection from client facilities to our offshore facilities or using encrypted data connections over a secure VPN.
Physical Security
Server rooms have biometric security and controlled access. All gates and physical entrance areas are guarded by 24-hour security personnel and video surveillance.
Transaction Standards
Our in-house transaction engine provides HIPAA compliant output to clients.
Disaster Management
CMI's redundancy and business continuity plans have been designed using FMEA principles and tools to ensure that HIPAA compliance is not compromised in the event of a disaster.
Additional Measures
Additional processes such as approval and auditable documentation for authorized sharing of PHI can be deployed on a process-specific basis if required.