Attest Health Care Advisors, LLC is committed to protecting the privacy of information that has been shared with us by our clients and we take that commitment seriously. Through our work in health care quality and compliance audit services clients may share with us confidential material with can contain PII or PHI. This information is only obtained and used to meet the audit requirements. These audits are a part of the health care operations purview and are often because of the organizations need to comply with state and federal reporting requirements. Attest does not use this data for any other purposes and does not share the information with organizations outside what is listed in our contractual requirements.
In order to protect the information we receive, we are continually evaluating our processes to make sure that we are compliant with the latest security rules and regulations in order to protect all confidential materials which may include PII or PHI. As a virtual company all personnel work from home and all information is stored in the virtual desktop environment residing behind our firewalls. Users use a two factor authentication system to access their desktops. Data that is not currently being used is archived and is only accessible by a select few individuals. All of our operations and data is United States based and cannot be accessed outside of the United States.
As a business associate of covered entities, we agree to the same restrictions and conditions that apply to the covered entity with respect to protecting information classified as protected health information (PHI) and personally identifiable information (PII). We agree to meet the HIPAA standards related to protecting that information in all of our business associate agreements (BAAs) and comply with the regulations, such as requests from the Secretary of Health and Human Services, as applicable. Attest does retain all data for a period of ten (10) years in complains with federal regulations. After ten years, all data is destroyed in compliance with the regulations. This also includes the length of time we must store the data to ensure compliance with federal regulation and proper destruction of data.
Attest is not data controller. We do not own the data that is shared with us and we do not collect data from individuals. Should an individual wish to have access to their data for review, modification or to restrict the use of, must contact the entity who supplied us the data (data controller).
Should you wish to provide a complaint or ask a question about our privacy program, you can contact the Chief Compliance and Privacy Officer at email@example.com.