
How Renaissance Protects PHI Data

Mark Hensley, RES Director and Chief Information Security Officer, shares how we keep your dental practice’s data safe

Posted by Mark Hensley on Oct 08, 2019

At Renaissance, we hold security as our top priority. Our claims processing software, Remote Lite powered by rPractice, is HIPAA compliant, keeping your office secure while sending claims. We have the same rules for ourselves at Renaissance headquarters to keep our employees and customers safe.

At Renaissance, we have adopted the NIST Cybersecurity Framework, a national security standard, to manage risk. The framework consists of five core functions: identify, protect, detect, respond, and recover. To address the protection of customer and patient data, we would like to focus on the protect and detect functions of the framework.

Access management

Renaissance uses a strict password policy that requires at least 12 characters and a mix of upper and lower case, numbers, and special characters; employees are required to change their passwords every 60 days and can’t reuse their last 24 passwords. All employee accounts are audited quarterly to ensure the appropriate level of access and are disabled immediately upon their last day of employment. 

Some of our departments have the ability to work remotely on occasion. Remote access to RES systems requires an encrypted connection and the use of multi-factor authentication. 

On-premise security 

When our dental heroes are in the building, a badge is required for access. To access our data centers, both a badge and a unique PIN are required. The data centers have alarms and are monitored 24/7 by a security company. Our data center is equipped with a fire suppression system and is monitored by the local fire department to make sure our people and data remain safe.

Keeping our employees sharp through training

Employees are prepared to spot suspicious activity through monthly training about security and privacy. Targeted phishing campaigns are conducted monthly to assess the security posture of our executives, finance, IT, and security staff. 

When it comes to our data, we use transport layer security to send all data. We encrypt all data on servers and workstations. Only authorized individuals are able to access sensitive or protected data. Protected health information can only be accessed by individuals with a business requirement or where there is a patient/provider or patient/payer relationship.

Incident ready 

Our security team is prepared for anything. Renaissance has developed a data governance process that dictates the retention periods and destruction methods used in the data lifecycle. We also have a thorough incident response plan, which is tested quarterly by the Incident Response Team. This enables us to quickly respond to security incidents. Our security team also has developed and implemented a comprehensive vulnerability management program which enables us to quickly remediate vulnerabilities as they arise.

Real-time monitoring 

How do we know if something is at risk, you ask? We ensure that security events are monitored and analyzed in real time by both our in-house security staff and a contracted Security Operations Center that provides 7/24/365 support. Renaissance also uses publicly available threat intelligence to better determine attack patterns. We analyze all inbound network traffic for malware. We also employ host-based malware detection and are able to quarantine infected computers to limit the spread of malicious code. Last but not least, we conduct weekly vulnerability scans on internal systems, monthly scans on external-facing systems, and monthly application security scans on our public-facing web portals to make sure your information and ours is a fortress of protection. Keeping our customers' data safe is our number one priority.