Forward Health Group, Inc. (FHG) employs physical, administrative and technical safeguards to secure the non-public health care information supplied to us by our customers and prevent unauthorized access to this information. We exchange information with our customers in accordance with written business associate agreements that address the parties’ obligations with respect to security, authorized use and disclosure, and tracking responsibilities.
FHG’s team of legal and security experts works to ensure that we meet the strictest standards. All of our customers’ data is hosted at a physically secure, SSAE 16 Type II SOC 1 certified data center. Data is transferred using secure, encrypted file transfer protocols. Customers access their data through a web browser utilizing HTTPS. We use industry best practices for network and host intrusion detection.
Certain of our vendors, suppliers and employees require limited access to customer information, including protected health information as that term is defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Such access is necessary in order for us to provide our products and services to our customers. Disclosure of non-public health care and financial information to these individuals is limited to that which is minimally necessary for them to perform their functions. Our employees receive annual training in the proper use and disclosure of protected health information and other confidential information.
Forward Health Group gathers, assembles and displays health care information so that our customers can improve the quality of care that they deliver. We do not make treatment or payment decisions, and we do not conduct health care operations on behalf of our customers.
The first thing we tell prospective customers about data security is that we embrace HIPAA. Data protection and security is a very good thing. Health care data is safe with FHG.