Tapping into our years of industry experience, we personally design and oversee the training of all our personnel. We train our offshore employees using the same superior strategies we use when training our American employees. Additionally, our workers have access to the same carrier websites and resources as the case managers they support, making them a true asset to the agencies we serve. At Employee Pooling, training is an ongoing commitment. We continually educate our employees about the latest and greatest techniques, tactics and practices. In other words, we offer a highly-trained, knowledgeable workforce at a fraction of the cost.
Data Security and Privacy
Security and privacy are top priorities for us at Employee Pooling. Our staff members must adhere to stringent data security and privacy rules, and we closely monitor their practices. At our offices in both the U.S. and India, workers take the following measures to protect client info and prevent and respond to data theft:
- No USB ports, CD burners, or other Media that would allow those with access to workstations to copy data and remove it from our facility.
- We severely restrict Internet access and only allow our team to access websites we deem necessary. All web traffic is restricted by a Sonicwall TZ100.
- Documents are shared and transferred via Citrix ShareFile unless the BGA customer insists on their own file sharing method. ShareFile is both HIPAA and HITECH compliant. (See ShareFile security report for more detail.)
- Outgoing emails are restricted to specific domains. (For example, we do not allow outgoing email to personal email addresses like Yahoo or Gmail.)
- Data retention and deletion policies are clearly defined
- CCTV's are used in our offices in India to monitor employee activity. Administrators also have the ability to shadow a user's session and monitor their activity.
- We have power generators to continue work during power outages.
- All login information is controlled by the team manager in India. The manager logs on users each morning to the accounts they need to access to complete their work for the day.
- Service providers are not allowed to carry anything in or out of the office. Cell phones, purses, and any other personal items must be left in a locker while they are at their desks.
- Background checks are run on each service provider.
- All service providers have signed non-disclosure agreements.
- We recommend customers provide us with unique and restricted usernames and passwords to their accounts.
- Company policy does not allow any alteration of customers' files or documents.
- Employee Pooling has a Privacy Liability insurance policy with Allied World Assurance Company that covers privacy and network security, notification and credit monitoring, and crisis management and data forensics. In case of breach, we are to contact our insurance provider who will provide us with immediate and ongoing direction.
- All service providers have their own user accounts and work as standard users. No admin privileges are provided.
- If any employee is absent, no other employee is allowed to use his/her system without permission from IT.
- Employees are not allowed to keep any important or sensitive data on their desktops.
- We apply a password policy to login into systems.
- Data is backed-up routinely.
- Optimization of each system is scheduled on monthly basis.
- Security checks of each system are performed twice a month.
- Swipe access is provided to monitor and control entry and exit of employees and others.
- Registers are maintained to record assets going out and coming in.
- We also take proper back-ups in two different drives, which are stored in the office and outside the office.
- We monitor all e-mails received or sent by the employees.
- We use a professional email hosting service, which provides unique incoming and outgoing email servers to eliminate any risk of email misuse.
- We use Dual monitors for efficiency and accuracy.
- Proper antivirus securities are used to protect all systems.
- We have Protocols related to guests that visit the EP office. All guests are required to go through security check at the main security counter and are instructed to wait in the separate waiting premises.
- We have monitoring systems in place, both online and offline.
- We have monitoring systems in place for network monitoring. We receive two types of feedback from this monitoring: real time monitoring and time lapse monitoring (every two hours).
- We have a security guard with a metal detector at the main entrance of office premises. This guard maintains all the records for each visitor.
- Each and every employee receives HIPAA training is given to make them aware of the implications of data misuse.