Privacy and Security

Protecting the privacy and personal information of audit participants is a priority for HMS Employer Solutions.  Our experience in dealing with sensitive information has allowed us to develop a comprehensive privacy and security policy.  Our processes are fully comply, and often exceed, the privacy and security mandates set forth by the Health Insurance Portability and Accountability Act (HIPAA), Employee Retirement Income Security Act (ERISA), and the Federal Trade Commission (FTC). We are committed to keeping sensitive information secure.

Information Collection and Retention

HMS will only collect the information necessary to complete our audits. Any superfluous information is removed from our systems and destroyed.

All documents received are immediately scanned and stored securely.  Access to physical documents is restricted.  All documents will be securely stored by HMS for the time period defined by each audit. Upon expiration of the retention period, the documents and any scanned images will be confidentially and securely destroyed onsite by bonded and insured data destruction professionals.  A Certificate of Destruction will be provided to the employer.

Information Technology Security

HMS’s computer systems are regulated and secured to meet the exacting standards that are needed to handle sensitive data. Our systems are protected from external attacks by a state of the art firewall and segmented computer networks. Our systems contain password policies that ensure passwords are complex enough to be secure, and that they are changed often. Laptops are not used for dependent audits; access to data is restricted to specific users on our internal servers.  Backups of our data are kept in an access-controlled vault offsite with a bonded and insured data storage company. Any electronic communication of sensitive data utilizes the Secure Sockets Layer (SSL) Protocol, the same technology used by many commercial banks. Our IT professionals regularly audit our system logs for any unauthorized use of our systems.  In addition, individual workstations used by call center representatives and auditors have restricted capabilities.  These workstations are unable to print, send external e-mail or view external websites.

Physical Security

HMS Employer Solutions controls its physical environment with badge entry systems. These systems allow us to only grant access to the areas of the building that are relevant to each employee’s position. Our physical security is also enhanced by alarm systems, surveillance cameras, and other methods which cannot be disclosed.

Employee Security

All HMS employees undergo extensive background checks prior to joining our team. Each employee also receives ongoing training and supervision to ensure that they are complying with our Security and Privacy Policy.  Additional security measures are also in place but cannot be specifically disclosed due to their sensitive nature.

If you have any questions regarding our Security or Privacy Policy, please contact us.