Security & Compliance

Protecting Your Data with Industry-Leading Security

Our Commitment to Security

At OMNICARE BILLING & IT SOLUTIONS LLC, security is not an afterthought—it's foundational to everything we do. We implement comprehensive technical, administrative, and physical safeguards to protect Protected Health Information (PHI) and ensure compliance with HIPAA, state privacy laws, and industry best practices.

HIPAA Compliance Framework

We maintain full compliance with the HIPAA Security Rule, Privacy Rule, and Breach Notification Rule. Our compliance program includes:

  • Annual risk assessments and security audits
  • Documented policies and procedures
  • Regular workforce training and testing
  • Incident response and breach notification procedures
  • Business Associate Agreements with all subcontractors
  • Continuous monitoring and improvement

Technical Safeguards

Encryption

  • Data in Transit: TLS 1.2 or higher for all data transmission
  • Data at Rest: AES-256 encryption for stored PHI
  • Email Security: Encrypted email for PHI transmission
  • Backup Encryption: All backups are encrypted

Access Controls

  • Multi-Factor Authentication (MFA): Required for all system access
  • Role-Based Access Control (RBAC): Users only access what they need
  • Unique User IDs: Individual accountability for all actions
  • Automatic Logoff: Sessions time out after inactivity
  • Password Requirements: Strong password policies enforced

Audit Controls

  • Comprehensive logging of all PHI access and modifications
  • Regular audit log reviews
  • Automated alerting for suspicious activity
  • Tamper-proof audit trails

Integrity Controls

  • Data validation and error checking
  • Version control and change tracking
  • Regular data integrity audits
  • Backup verification and testing

Transmission Security

  • Secure VPN connections for remote access
  • Network segmentation and firewalls
  • Intrusion detection and prevention systems
  • Regular vulnerability scanning and penetration testing

Administrative Safeguards

Security Management

  • Designated Security Officer responsible for compliance
  • Annual risk assessments identifying threats and vulnerabilities
  • Risk management strategies and mitigation plans
  • Sanction policy for security violations
  • Information system activity review

Workforce Security

  • Background checks for all employees
  • Confidentiality agreements signed by all workforce members
  • Access authorization and modification procedures
  • Termination procedures ensuring immediate access revocation

Training and Awareness

  • Mandatory HIPAA training for all employees upon hire
  • Annual refresher training
  • Security awareness programs and phishing simulations
  • Incident response training and drills

Contingency Planning

  • Data backup plan with regular automated backups
  • Disaster recovery plan with defined RTOs and RPOs
  • Emergency mode operation procedures
  • Regular testing and revision of contingency plans

Physical Safeguards

  • Facility Access Controls: Restricted access to areas containing PHI
  • Workstation Security: Positioned to prevent unauthorized viewing
  • Device Controls: Inventory and tracking of all devices
  • Media Disposal: Secure destruction of PHI-containing media
  • Physical Security: Surveillance, alarms, and access logs

Vendor Management

We carefully vet all vendors and subcontractors who may access PHI:

  • Security assessments before engagement
  • Business Associate Agreements required
  • Regular compliance audits
  • Ongoing monitoring of security posture
  • Incident notification requirements

Incident Response

Our incident response plan ensures rapid detection, containment, and resolution of security incidents:

  • 24/7 monitoring and alerting
  • Defined escalation procedures
  • Forensic investigation capabilities
  • Breach assessment and notification within required timeframes
  • Post-incident analysis and corrective actions

Compliance Certifications

Our team maintains industry-recognized certifications and stays current with evolving regulations:

  • HIPAA compliance training and certification
  • Medical coding certifications (CPC, COC, CCS)
  • Regular continuing education
  • Participation in industry associations

Continuous Improvement

Security is an ongoing process. We continuously monitor threats, update our defenses, and improve our practices to stay ahead of evolving risks and regulatory requirements.

Questions About Our Security

For security-related inquiries or to report a concern:

Security Officer

OMNICARE BILLING & IT SOLUTIONS LLC

Email: info@omnicarebillinganditsolutions.com

Phone: (772) 229-4370