
Security

BMI Audit Services is committed to safeguarding Protected Health Information (PHI) and Personally Identifiable Information (PII). Because we inherently operate in a regulatory environment, we have a combination of policies, procedures and technology in place to help safeguard any sensitive data.

Physical Security Safeguards

  • BMI is located at a facility that maintains restricted off-hours access. Additionally, the offices of BMI are protected by a 24/7 security, video and alarm system maintained by a leading provider for security monitoring services.
  • Access to the BMI office and internal rooms is controlled electronically through a key fob access system. Only authorized personnel have accounts and designated access to gain entry.
  • Computer, phone, and networking related equipment is secured in a locked and restricted area.
  • BMI utilizes a leading provider for secure document shredding.

Information Technology Safeguards

  • All PHI/PII data is encrypted at rest and in transit using modern cryptography standards such as AES-256. In addition, laptop computers utilized by BMI personnel are encrypted at the hard drive level.
  • Only authorized BMI personnel have accounts to gain access to our environment. A strong, complex password policy is employed along with multi-factor authentication. Internal networks are segmented based on data sensitivity.
  • In addition to industry-leading anti-virus/malware, intrusion protection, data loss prevention, and advanced threat protection, resources are protected using the latest software products that identify and authenticate users to validate access requirements.
  • Backups are performed on a 24/7 basis and are stored electronically at an alternate SOC 2 certified colocation for business continuity purposes. Backup infrastructure resides on private networks logically secured from other networks.
  • Remote access to the BMI network and servers is controlled using state-of-the-art firewall, monitoring, and networking technology.
  • Industry-leading managed detection and response services continuously scan our networks and endpoints for potential vulnerabilities.

Procedural Safeguards

  • All BMI personnel undergo an extensive background check prior to employment.
  • Access to systems and data is based on the principle of need-to-know and is reviewed regularly.
  • Business Associate Agreements are required between contracting parties when any PHI/PII is securely exchanged.
  • Ongoing training and user adherence testing are provided relative to HIPAA, cyber security and privacy and security policies that are regularly updated in a fast-changing data security environment.

Insurance Coverages

  • Extensive insurance coverages up to $5M are in place including technology, cyber, digital media and professional liability.

SOC 2 CERTIFIED

  • BMI is a certified SOC 2 service organization, as defined by the AICPA – aicpa.org/soc. The certification is widely recognized as the worldwide standard for secure and confidential information handling.

Privacy

This Privacy Policy describes the data BMI Audit Services, LLC (“we”, “our”, or “us”) may collect from your interaction with our website and how we safeguard and utilize that data.

Policy Updates

We may modify this policy at any time. We will notify you of any changes by posting an updated privacy policy on our website. Your continued use of the website after such updates constitutes your acknowledgement and consent to abide by the terms of the updated policy. To stay informed of the latest updates, please review this policy periodically.

Data Collection

We collect data to enhance your experience and fulfill our service obligations. The types of data we collect include:

  • Personal Information. Information you voluntarily provide to us through our website, and that is reasonably linked to you or may be used to identify you, such as your name, contact information, or documents that may be used to establish your benefits eligibility.
  • Non-Identifiable or De-Identified Data. This data includes your IP address, browser, and device characteristics that we may collect as you interact with our website. In some jurisdictions, data such as your IP address may be considered personal information.
  • Usage Data. Information derived from your interactions with our website.

Purpose of Data Collection

We may collect, use, and share your data for any legally permissible purpose including the following:

  • To meet our contractual and legal obligations, including using your personal information for audit purposes.
  • To understand your preferences and improve communication with you.
  • To enhance our services and products.
  • To personalize your website experience based on your behavior and preferences while interacting with our website.

Data Security

We take reasonable steps to secure your personal information from unauthorized access, theft, or disclosure. We maintain appropriate physical, technical, and administrative safeguards, including by employing advanced technologies and software, to ensure that your personal information is processed responsibly. For more information about these safeguards, please visit https://www.bmiverify.com/Home/SecurityPolicy.

Data Sharing

Except as provided in this privacy policy, we do not sell, rent, or lease your personal information or use it for marketing purposes. In providing contracted services to our clients, we may share personal information with them about their employees that has been collected through this website. We may also share your personal information with our third-party service providers, as needed in order to allow them to fulfill their services to us.

If we are involved in a merger, acquisition, or asset sale, we may share or transfer your personal information in relation to that transaction.

We may also share your personal information if required by law, regulation, or court order, to comply with legal obligations or respond to legal process, or if we determine in our discretion that such disclosure is necessary, including to protect our rights and property or to prevent or investigate unauthorized activity.

Your personal information will only be used in accordance with this privacy policy, including for fulfilling our specific contracted services. We are not responsible for the privacy or security policies or practices of our clients or any other third party. For information about the privacy or security practices of any third party, please visit their websites or contact them.

Cookies and Web Tracking Technologies

Cookies and other web tracking technologies may be used by us and our partners to improve your website experience by helping us to understand your preferences. You can disable or manage cookies at any time via your browser settings, but this may impact website functionality. We use Google Analytics to understand how visitors may engage with our website. You may also limit Google’s automatic collection of information about your online activities over time and across third-party websites by opting out of such collection via the opt-out browser extension here. We do not recognize or respond to “Do Not Track” signals as there is not presently a uniform technological standard available.

Contact Us

For any questions or concerns regarding this policy, or to review and request any changes to your personal information, please contact us through our online form (https://www.bmiverify.com/Home/Contact).

Consent

By using our website, you consent to the collection, sharing, and use of your data as described in this policy.

Effective Date

This policy is effective as of 6/25/2024.