Data Protection and Security
SNG Research takes privacy, data protection and security seriously. Working with healthcare clients, in particular, comes with stringent requirements. We have devoted significant resources to ensure that the safeguards associated with HIPAA (Health Insurance Portability and Accountability Act) are in place and adhered to.
Safeguards in Place
SNG Research maintains and adheres to security and privacy policies and procedures covering the technical, administrative, and physical safeguards required by HIPAA and of critical importance to all of our clients. These include:
Technical safeguards
- Data encryption for data at rest and when being transmitted
- 24/7 Security Incident and Event Management (SIEM) monitoring
- Controlled access to data based on role and need
- Access authentication
Administrative safeguards
- Background checks and signed confidentiality agreements required for all employees
- Annual security training for all employees, supplemented with updates to support heightened awareness and vigilance
- Password management requirements (unique, complex, changed every 60 days)
- Risk analysis and risk management processes
- Contingency plans in the event of disaster
- Business Associate Contracts in place with trusted partners
Physical safeguards
- Badge required to access facility; access tracked
- Strict policies around appropriate use and security of workstations
- Device and media accountability and tracking
- Regular data backups and secure off-site storage