Case Study - ISO 27799

 
Industry
Organizations in the information and records management industry provide document storage, document management, digital and analog archiving, and related support services. Service organizations offer outsourced services and have their own secure offsite locations to store and shred sensitive information. Most companies focus exclusively on information and records management, while others offer document management in addition to other business services. 
 
Client Service Offering
Client provides records storage, imaging, document shredding, and offsite data storage, all within a secure, centralized environment. Client offers a complete menu of integrated information management services, including Digital Document and Records Management; document imaging/scanning and conversion; outsourced hosting; smart web portals; workflow tracking; image enabling; and more.
 
Medical Records Management
 
Securely storing medical records, while keeping them accurately tracked and available at a moment’s notice, is at the core of Client’s medical records management service. Client’s Healthcare Information Management Suite seamlessly links every department – Accounting, Billing, Patient Services, Compliance, Medicine, Human Resources, and Information Technology – in order to reduce costs, increase access, and improve care. Client scans and digitally stores all records within the eVault system or Online Records Center, and also stores them physically within a Records Center. Documents can be managed online via eAccess while still remaining available for physical delivery whenever necessary.
 
Client Need
Client’s management recognized its customers’ need for an independent review of the controls that maintain the privacy and security of the medical records and patient information stored through Client’s medical records management service. Emphasis was placed on providing assurance that Client’s controls over the medical records management solution met government mandates governing the release of protected health information (PHI).
 
Solution
A-lign performed an attestation engagement under the AT section 101 reporting framework, producing a report on management’s controls and tests of their operating effectiveness in accordance with the applicable sections of ISO/IEC 27002 (Information technology – Security techniques – Code of practice for information security management) and ISO/IEC 27799 (Health informatics – Information security management in health) as they relate to the electronic and hard copy medical record storage services. The applicable sections of these standards included: Organizing Information Security, Asset Management, Human Resources Security, Physical and Environmental Security, Communications and Operations Management, Access Management, and Incident Management.