Xillium maintains a culture that keeps focus on security. We create an environment that fosters a security-first mindset, setting a high standard for the protection of information assets.
We maintain offices that control physical access and separate HIPAA-trained staff from non-trained staff. These policies are established to support the privacy and security required by HIPAA.
Your Data Your Choice
We follow secure industry standards and practices. This means we continuously adapt our security systems and policies to mitigate threats. Today, we mandate the following policies.
Complex, automated passwords and secured, encrypted accounts
Protection to mitigate risks of impersonation or remote attacks
Automated administrative deletion of daily PHI and other client data
Administrative automated local file removal
Cloud backups are disabled for any client storage areas
Secure and automated passwords for all accounts in protecting client data
Browser setting controls have central administration
We have policies that restrict access to your data
No third-party access to any patient data without explicit permission from the care provider or trustee of the data
No data sharing
Remote desktop access is disabled
Restricted Network Access: All company networks are restricted at the hardware MAC address level
Managers and administrators do not have access to client data
Your data always stays on your platform and only your platform. Patient data is only accessed through EMR and other systems provided by clients.
Local Temp storage usage only
Administrative automated local file removal based on time of life standard
We strive to keep current with the latest security updates and watch lists. We establish high-level security protocols that restrict access to sensitive data. Keeping client data safe is our prime concern, which means that keeping our systems safe is our top priority.
All devices that store client or company data are encrypted. We require that access to all client data be via encrypted networking protocols where possible.
During the pandemic, WFH is a fact of life. We have WFH policies to ensure that staff working from home uphold our privacy and security standards and follow HIPAA protection of PHI.
To improve compliance with HIPAA security policies, we require ongoing staff training and conduct regular security and HIPAA audits. Keeping data private goes beyond HIPAA. While technical safeguards provide an added layer of protection, a strong focus on behavioral security reinforces good security habits. We consider HIPAA compliance the starting point for ensuring data privacy. Security awareness improves security culture.