Dependent Verification Medical + Rx Claims Audits Implementation Audits
About BMI Security AUDiT iQ™ CAREERS
Audit Findings Continuing Education Savings Calculator Resource Center
 

Security that you can count on

 

BMI guarantees your security is of utmost importance, see below how we keep your information safe.

 
 
 

BMI takes the
utmost care of your employee’s information.

 

 

BMI Audit Services is committed to safeguarding Protected Health Information (PHI) and Personal Identifiable Information (PII). Because we inherently operate in a regulatory environment, we have combination of policies, procedures and technology in place to help safeguard any sensitive data we may receive in the course and scope of the work we are engaged to perform. Additionally, BMI is a certified SOC 2 service organization as defined by the AICPA. – aicpa.org/soc. The certification is widely recognized as the worldwide standard for secure and confidential information handling.

 
Security Icon pad@2x.png
 

Physical Security

  • BMI is located at a facility that maintains restricted off-hours access. Additionally, the offices of BMI are protected by a 24/7 security, video and alarm system maintained by a leading provider for security monitoring services.

  • Access to the BMI office and internal rooms are controlled electronically through a key fob access system. Only authorized personnel have accounts and designated access to gain entry.

  • Computer, phone, and networking related equipment is secured in a locked and restricted area.

  • BMI utilizes a leading provider for secure document shredding.

 
 

Information Technology Safeguards

  • All PHI/PII data is encrypted at rest and in transit using modern cryptography standards such as AES-256. In addition, laptop computers utilized by BMI personnel are encrypted at the hard drive level.

  • Only authorized BMI personnel have accounts to gain access to our environment. A strong, complex password policy is employed along with multi-factor authentication. Internal networks are segmented based on data sensitivity.

  • In addition to industry-leading anti-virus/malware, intrusion protection, data loss prevention, and advanced threat protection, resources are protected using the latest software products that identify and authenticate users to validate access requirements.

  • Backups are performed on a 24/7 basis and reside at an alternate SOC 2 certified colocation electronically for business continuity purposes. Backup infrastructure resides on private networks logically secured from other networks.

  • Remote access to the BMI network and servers is controlled using state-of-the-art firewall, monitoring, and networking technology.

  • Industry leading managed detection and response services continuously scan our networks and endpoints of potential vulnerabilities.

 
Security password@2x.png
 

Procedural Safeguards

  • All BMI personnel undergo an extensive background check prior to employment.

  • Access to systems and data are based on the principal of need-to-know and reviewed regularly.

  • Business Associate Agreements are required between contracting parties when any PHI/PII is securely exchanged.

  • Ongoing training and user adherence testing is provided relative to HIPAA, cyber security and privacy and security policies that are regularly updated in a fast-changing data security environment.

  • Extensive insurance coverages are in place including technology, cyber, digital media and professional liability.