APC has adopted robust policies and procedures for the handling of confidential material including data management, storage and destruction that are fully compliant with requirements specified by CMS, HIPAA, HITECH and the Massachusetts Privacy Regulations. Our current business practices include (but are not limited to) the following safeguards:

• 256-bit automatic encryption for e-mail using third-party email encryption services;
• 256-bit encrypted FTP site for secure data transfers between our clients and APC;
• Sonicwall VPN tunnel for remote access and firewalls for website content control;
• All data is stored onto servers (not desktops) that are located in a secure server room.
• All desktops and laptop computers are encrypted, rendering them inaccessible if removed or stolen.
• All data is backed up every four (4) hours and transferred to secure off-site storage every 24 hours; and
• Ongoing third-party threat assessments to ensure the integrity of our data security program.

In addition, all APC employees are subject to background checks as a condition of employment. For those who are engaged with contracts for the Federal Government, they must pass a comprehensive security clearance process in order to perform services associated with those engagements. All employees sign agreements acknowledging specific criteria for confidentiality and ethics as well as a conflict of interest disclosure.

All these measures (and more) are in place to ensure that our clients are comfortable knowing that confidentiality and security are the very foundation of APC. For more information, please contact us.