Security and Your 340B TPA: What Your Organization Should Expect
You don’t have to go far to see, hear about, or worse, experience some form of cyber or technology security breach. It is a frightening prospect, and a breach can escalate quickly, affecting thousands if measures and protocols are not in place for both proactive and reactive protection.
Of course, one that hits close to home is the attack on another 340B Third-Party Administrator. This ransomware attack affected over 1.6 patients nationwide, and the actions to remedy it are still ongoing.
340Basics feels that it is imperative to educate Covered Entities on the importance of instituting the highest level of data security, and to review what your organization should be implementing and what we here at 340Basics do to go a step further. You should expect nothing less from your current TPA.
What is Data Integrity?
- Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner.
- Trustworthiness of information over its entire life cycle.
- Data reflects the “what” from beginning to end.
- From onset (encounter, visit, admission) to primary and secondary uses of the same data.
- Although the data structure might change, the data continues to reflect the “what.”
- Uniform, trustworthy, complete, unchanged meaning, secure.
340Basics adopts the highest security and privacy protocols to protect health information and the data of our customers. Security is EXTREMELY important to 340Basics. We are SOC 2 certified and perform an annual HIPAA Assessment and Penetration Test. For access to any of 340Basics’ technology solutions, we provide all covered entities and pharmacies with an individual login and password. Usernames and passwords are created according to HIPAA protocols.
Processes, Policies and Procedures
Formal policies and procedures exist that describe logical access, information security, user data confidentiality, risk management, disaster recovery, and change management. All 340Basics personnel adhere to the policies and procedures that define how services should be delivered. It is an employee policy that we take incredibly seriously and actively test.
340Basics is committed to protecting the ePHI of its clients and expects all its employees to demonstrate a similar commitment. 340Basics recognizes that compliance with the HIPAA Security Rule is not a one-time event but rather a continuous process. We encrypt data both in transit and at rest, as required by both HIPAA and HITRUST protocols. For encryption between the front-end application and the end user, we use an SSL certificate from an authorized CA.
Anti-Virus & Intrusion Detection
340Basics protects its systems against infection by computer viruses, malicious code, and unauthorized software by implementing antivirus software. Antivirus software is typically installed on servers, workstations, and laptops to detect and prevent the transmission of data or files that contain certain virus signatures recognized by the antivirus software.
Virus signatures/definitions are automatically updated and the antivirus solution is configured for live protection and real-time scanning. We maintain control of our protection by restricting the ability to administer the antivirus solution to authorized personnel only.
An Intrusion Detection System (IDS) solution is deployed to automatically detect threats and suspicious network activity. The IDS is configured to report on any intrusions identified by the firewall. The ability to administer the firewall is also restricted to authorized personnel.
We understand that this topic is not only frightening but can also be overwhelming. Still, your organization needs to consider it and scrutinize your current TPA’s policies and security tools. We are happy to set up a call or meeting to dive even deeper into this topic.