DRU.com is HIPAA Privacy and Security Compliant. Under HIPAA privacy rules, DRU.com is considered a Business Associate, and we are compliant with all applicable rules and regulations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. We are committed to keeping all PHI (Protected Health Information) that you entrust to us private and secure. We have instituted policies and procedures to ensure this is done, including, but not limited to, the following:
All employees have been trained on HIPAA rules and procedures and are required to re-take this training every 2 years.
All employees are required to sign a confidentiality agreement as a condition of employment.
All policies and procedures related to information and physical security are frequently reviewed to ensure they are up to date and follow any new or revised regulation.
We have implemented Information Security procedures such as:
- Automatic expiration of passwords.
- Account lockouts upon numerous failed log-in attempts.
- Transcripts and exhibits sent and received through secure file transfer (Citrix’s ShareFile).
- Data-at-rest encryption.
- Email verification.
- Automatic virus scans.
- Secure data backups.
- All subcontractors are required to sign a Business Associate Agreement agreeing to uphold our information security standards.
- All visitors to our office are required to sign in in order to be granted access.
- Any potential or actual breaches are logged, investigated, and reported.
We are committed to keeping all PHI (Protected Health Information) and sensitive information secure and to keeping our systems and procedures up to date and in compliance with all related regulations. We understand that keeping your client’s information safe is of the utmost importance, and we take this very seriously when processing your transcripts, copying exhibits, or any other of the myriad of ways we come across this information while doing our job.