Security

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations govern ARMUS Corporation’s use and disclosure of protected health information (PHI).

It is ARMUS Corporation’s policy to comply fully with HIPAA administrative, technical, and physical safeguards to ensure confidentiality, integrity, and availability. ARMUS Corporation employs external auditors to verify, on an annual basis, that it is in compliance with the HIPAA Privacy and Security Rules.

All ARMUS employees, interns, and volunteers must comply with ARMUS’ HIPAA Privacy and Security Policies and Procedures, which include participating in annual training.

Administrative Safeguards

ARMUS supports minimum-necessary provisioning of access based on roles and responsibilities, for both its staff and its clients. Roles and privileges are created based on need for access to confidential data.

Technical Safeguards

ARMUS employees have unique usernames and passwords to access the computer network. PHI is stored only on approved, password-protected and encrypted devices. In addition, all ARMUS clients have unique usernames and must adhere to strict password requirements to access ARMUS applications.

Physical Safeguards

ARMUS servers containing PHI are kept in a secure facility, with access restricted to those with proper authorization. ARMUS provides encryption for data both active and at rest.