Security & Compliance Protocols
ARIA Health Services is committed to a robust security, privacy, and compliance program.
Dedicated Oversight, Routine Risk Assessments
ARIA’s Chief Legal Counsel, a Certified Information Privacy Professional, serves as Privacy, Security, and Compliance Officer. We also have a skilled Information Technology and Infrastructure expert to oversee the cybersecurity program.
ARIA conducts routine security risk assessments and security testing of all systems and processes annually. Testing is conducted by a recognized outside security vendor.
ARIA limits physical access to its ePHI Systems and to the facility or facilities in which they are located or accessible. If such facilities are controlled by a third party, ARIA requires the third party to limit physical access and have sufficient controls for access to the facility.
Access is granted only to those Workforce Members and individuals who have a business need to know and who have been authorized to access ARIA’s facilities and areas where ePHI Systems are contained or accessible.
System Log-in & Password Management
To prevent unauthorized access to and use of ePHI contained within its ePHI Systems, and to ensure strong passwords, ARIA requires Users and Workforce Members to take appropriate measures to select and secure passwords that allow such access to ePHI Systems or workstations.
ARIA also regularly tracks the identification and authentication of those accessing its ePHI Systems. ARIA will monitor log-in attempts to its ePHI Systems and has a password reset procedure following lock-out for failed password attempts. Such monitoring ensures that appropriate measures are implemented to verify access to all of ARIA’s ePHI Systems.
ARIA Workforce Members are required to take Privacy, Security, Breach and Compliance Training annually. All ARIA contractors or vendors operating on behalf of ARIA have contract requirements to certify that their workforce and subcontractors have participated in adequate compliance training.
Incident Response Team
ARIA has a standing Incident Response Team, which consists of trained executives and subject matter experts ready to respond at a moment’s notice to a privacy, security or compliance incident.