Staff Awareness and Security Culture

Xillium maintains a culture that keeps security in focus. We create an environment that fosters a security-first mindset and sets a high standard for the protection of information assets.

FACILITIES

Our offices control physical access and separate HIPAA-trained staff from non-trained staff. These policies support the privacy and security safeguards that HIPAA requires.

Secured Entry

Each site has security personnel to prevent unauthorized access to the facility, protecting equipment, networks and data.

  • Company ID required for entry
  • No unauthorized devices allowed in the facility (such as phones or USB drives)

HIPAA Zones

All client and patient data is accessed only within designated HIPAA Zones. Only staff who are HIPAA-trained and have signed BAAs are allowed into the HIPAA Zones.

Equipment Lockers

All personal cell phones and other electronic devices are stored in access-controlled equipment lockers.

DATA

Your Data Your Choice

We follow industry security standards and practices, which means continuously adapting our security systems and policies to mitigate emerging threats. Today we mandate the following policies.

Password Policies

  • Password Managers
    • Unique, generated passwords for every account that touches client data

  • Multi-factor Authentication (MFA)
    • A stolen or guessed password alone is not enough to log in, which mitigates impersonation and remote account takeover

Storage Policies

  • Data Removal
    • Automated, administratively controlled deletion of daily PHI and other client data

    • Automated, centrally administered removal of local files

  • Cloud Backup Policy
    • Cloud backups are disabled for any client storage areas

Browser Controls

  • Administrative restrictions on browser extensions; requests for browser add-ons are reviewed and approved centrally
  • Browser settings are centrally administered

Policies for Equipment, Network & More

We keep current with the latest security updates and threat watch lists, and we establish security protocols that restrict access to sensitive data. Keeping client data safe is our primary concern, which means keeping our systems safe is our top priority.

At Home Security Policies

During the pandemic, working from home (WFH) is a fact of life. Our WFH policies ensure that remote staff uphold our privacy and security standards and maintain HIPAA protection of PHI.

Equipment

  • Company-provided equipment only
  • Restricted phone policy while using work equipment

Network and Workspace

  • Dedicated restricted network only for work
  • Network configuration and verification by Xillium IT
  • Home workspace inspection by Xillium staff

About HIPAA

Keeping data private goes beyond HIPAA. Technical safeguards provide one layer of protection, but a strong focus on behavioral security reinforces good security habits. We consider HIPAA compliance the starting point for ensuring data privacy, not the end point: security awareness builds security culture.