GeBBS Healthcare Solutions is committed to being a reliable and trusted partner by holding information security and compliance to rigorous standards. Our approach to risk management is to separate risks that need to be managed by line functions from those that need to be managed centrally. The risk management team consists of highly qualified professionals who work with clients throughout the engagement to develop customized risk-management solutions covering business continuity, information security and compliance with privacy regulations. This team also manages all infrastructure-related risks for GeBBS delivery centers. GeBBS is certified under SSAE 16 Type II, an auditing standard for service organizations, with an independent annual review to ensure that service organization controls are in place.
GeBBS considers information security management to be both a risk and a market differentiator, and hence invests appropriately in implementing strong information security management systems. The information security program at GeBBS is led by the Chief Information Security Officer (“CISO”), who in turn is assisted by a dedicated team of security professionals. To ensure a minimum baseline standard for information security across the enterprise, GeBBS has adopted the ISO 27001 information security framework, certified by a qualified external assessor. Internal information security audits cover information asset management procedures, IT security, personnel security, physical and environmental security, business continuity, change management, incident management, and compliance with contractual obligations.
Recognizing the importance of protecting the privacy and integrity of every individual’s health information, GeBBS initiated its HIPAA compliance program in 2005.
GeBBS has a dedicated HIPAA compliance team led by a Compliance Officer who coordinates, monitors and maintains the compliance plan. All employees sign a confidentiality agreement at the time of joining the organization and are aware that they will be penalized for any security violation. At regular intervals, GeBBS conducts compliance training programs for all employees, which further ensures awareness and ethical work standards. By adopting a best-practices approach to privacy and security, we are committed to delivering services and products that enable our clients to meet HIPAA requirements.
Infrastructure Risk Management
All our delivery centers conform to our internal infrastructure risk standards. These standards have been drawn up specifically to enable 24/7 BPO operations. They ensure continued availability through location risk assessment and management techniques; continuity of critical utilities such as power and HVAC through the design and provisioning of diesel/gas-based generator sets and uninterruptible power supply units; and the safety of our premises and people through the selection and design of fire alarm systems, access control, and CCTV systems.
Business Continuity Planning
GeBBS’s Business Continuity Planning (“BCP”) team engages with clients early in their programs, during the contracting stage, to understand how the processes proposed for outsourcing would impact clients’ business in the event of their discontinuance. This enables clients to make an informed decision on whether the “candidate” processes need to be split between two or more GeBBS delivery centers, which provides a high level of redundancy. During transition, our BCP team works closely with process owners to assess continuity requirements and develop appropriate business continuity strategies. The focus of our BCP program is to offer practical and cost-effective BPO solutions to our clients.