Orbcare US, Inc. (OrbCare) has put into place many measures to certify that its information technology program is compliant with the regulations and conditions set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). OrbCare is committed to continually improving its available technology to become increasingly secure and better capable of balancing the high demand for information access against the increasing demands for information security. This statement identifies certain facets of our compliance with the HIPAA security standards and regulations. Entities wishing to obtain a more detailed matrix breakdown of our compliance program may contact privacy@orbcare.com.

Administrative Safeguards (HIPAA 164.308)

OrbCare has put numerous initiatives in place to provide for the assignment of access permissions to the appropriate person. Actions are in place to govern the movement of our workforce and the privileges associated with those movements. Information security awareness training is an annual mandated event for all staff, as is an annual review of privacy and data security policies and practice.

Physical Safeguards (HIPAA 164.310)

OrbCare utilizes Amazon Web Services and Microsoft Azure data centers that support HIPAA compliance of their tenants. HIPAA compliance statements for these services are provided at the links below. These data centers are physically secure, with controlled access to the facilities that prevents walk-up intrusion, advanced fire protection systems, uninterruptible power, and emergency power for all systems.

https://aws.amazon.com/compliance/hipaa-compliance/
https://www.microsoft.com/en-us/TrustCenter/Compliance/HIPAA

Annual reviews of the facility security, disaster recovery, and contingency plans are in place. Specific workstation usage and security measures are in place. Policies are also in place to guard against equipment disposal and reuse that may inadvertently compromise sensitive information.

Technical Safeguards (HIPAA 164.312)

OrbCare complies with these regulations by requiring unique user identifications, many varied audit controls, data integrity mechanisms, verified backups, and entity authentication programs, including the expanding use of digital certificate technology for all staff, and by increasing measures to provide better data integrity and encryption. OrbCare has carefully reviewed both the required and addressable security standards put forth by HIPAA. In all matters, OrbCare is moving toward full compliance with all measures as quickly as possible.