Custom Computing Corporation (CCC) is committed to safeguarding its reputation and integrity through compliance with applicable laws, regulations, and ethical standards in each of the markets in which it operates. Our employees are expected to adhere to all state and federal regulations as well as our business values and ethical standards. Our management team is responsible for ensuring we remain in compliance and conduct business with honesty, integrity, and commitment.
The Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act defines policies, procedures, and processes that are required for companies that store, process, or handle electronic protected health information (ePHI).
At CCC, we take our responsibilities towards client & patient confidentiality very seriously and have dedicated both time and resources to train our workforce; develop and implement administrative, physical, and technical safeguards to protect PHI/ePHI shared by our clients.
Our HIPAA Compliance Program Includes:
- Designation of a HIPAA Privacy and Security Compliance Officer(s)
- The development of an annual HIPAA awareness and education program for our employees
- An Employee Sanctions Policy should any HIPAA compliance violations occur
- Annual risk assessment to identify and document any area of risk associated with the storage, transmission, and processing of ePHI and have analyzed the use of our administrative, physical, and technical controls to eliminate or manage vulnerabilities that could be exploited by internal or external threats.
- Enforcing the use of technological protocols such as: access controls, integrity procedures, firewalls, activity monitoring and other audit mechanisms to record user access to information systems that use ePHI, use of encryption, automatic logoffs, password management procedures, VPN tunnels, etc.
CCC Is Committed To:
Ensuring compliance with the regulatory requirements of HIPAA-HITECH.
The continual assessment and refinement of our safeguards to mitigate risk.
Ensuring that ePHI is encrypted at all times.
Maintaining both PHI and ePHI within our possession in a secure environment.
Monitoring access to the office environment and systems that contain PHI/ePHI.
As a third party service provider that provides services to financial organizations, CCC is subject to applicable financial regulations such as Sarbanes Oxley Audits and Gramm-Leach-Bliley Act. In this role, CCC has successfully demonstrated its commitment to compliance with all requirements in support of our financial clients. Our policies and procedures are continually being reviewed, updated, and modified to ensure ongoing compliance to regulations within the markets our financial clients operate.