GeBBS Healthcare Solutions is committed to being a reliable and trusted partner through rigorous, high-standard information security and compliance. Our approach to risk management is to segregate risks that need to be managed by line functions from those that need to be managed centrally. The risk management team comprises highly qualified professionals who work with clients throughout the engagement to develop customized risk-management solutions covering business continuity, information security and compliance with privacy regulations. This team also manages all infrastructure-related risks for GeBBS delivery centers. GeBBS is SOC 2® Type 2 and PCI DSS certified, which demonstrates our commitment to securely managing and protecting our clients’ data and privacy. Currently, GeBBS is also undergoing the HITRUST certification process.
GeBBS considers information security management to be both a risk and a market differentiator, and hence invests appropriately in implementing strong information security management systems. The information security program at GeBBS is led by the Chief Information Security Officer (“CISO”), who in turn is assisted by a dedicated team of security professionals. To ensure a minimum baseline standard for information security across the enterprise, GeBBS has adopted the ISO 27001 information security framework certified by a qualified external assessor. Internal information security audits are conducted, covering information asset management procedures, IT security, personnel security, physical and environmental security, business continuity, change management, incident management, and compliance with contractual obligations.
Recognizing the importance of protecting the privacy and integrity of every individual’s health information, GeBBS initiated its HIPAA compliance program in 2005.
GeBBS has a dedicated HIPAA compliance team led by a Compliance Officer who coordinates, monitors and maintains the compliance plan. A confidentiality agreement is signed by all employees at the time of joining the organization, and employees are aware that they will be penalized for any security violation. At regular intervals, GeBBS conducts compliance training programs for all employees. This further ensures awareness and ethical work standards. By adopting a best-practices approach to privacy and security, we are committed to delivering services and products that enable our clients to meet HIPAA requirements.
Infrastructure Risk Management
All our delivery centers conform to our internal infrastructure risk standards. These standards have been drawn up specifically to enable 24/7 BPO operations by ensuring continued availability through location risk assessment and management techniques; continuity of critical utilities such as power and HVAC through the design and provisioning of diesel/gas-based generator sets and uninterruptible power supply units; and the safety of our premises and people through the selection and design of fire alarm systems, access control, and CCTV systems.