NMS Security Policies & Procedures
Access rights are based on each employee’s job function and role. Information sharing does not go beyond the scope of services that have been authorized by our clients. Employees are given access to systems and data based on their job role in order to carry out occupational health or employee screening services for clients and their employees. Employees are provided ongoing HIPAA and cybersecurity education covering topics that include, but are not limited to, phishing, password policy, malware and social media best practices. Systems are secured with multi-factor/two-factor authentication when possible.
NMS administrators, including the Security and Privacy Officer, regularly review system access, activity logs and other monitoring systems for policy and best practice alignment in order to assess access rights and role-based security.
NMS restricts access to personal information to employees, contractors and agents who need to know said information in order to process the required employment screenings. Our employees and contractors are subject to contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
NMS’s core mission of information security is to protect users, customers, employees and other stakeholders from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. This information includes but is not limited to Protected Health Information and Personally Identifiable Information.
Sensitive data is encrypted with SSL and TLS certificates to ensure information is encrypted from end to end. NMS regularly reviews information collection, storage and processing practices, including physical and digital security measures, to guard against unauthorized access to systems and software. NMS's home office is secured with keycard and keypad. On-premises electronic surveillance is in place. Visitors are logged at company reception and given guest badges.
NMS applies updates to employee workstations and monitors workstations for malware. NMS has the administrative ability to apply operating system updates, security patches and other system updates. NMS can restrict employee access to systems, software, applications or networks. All NMS employees have the latest virus scan software and definitions installed on their machines.
Employees are unable to store information on local physical devices. All workforce tools are cloud-based, on virtual machines that require authentication, in order to protect against data loss, including unintended human errors and stolen devices.
NMS handles protected health information (PHI). Protected Health Information is defined as any information that can be used to identify a person and their individual health information.
Information that is deemed PHI is stored and transmitted using methods that are HIPAA and HITECH compliant. NMS has signed a business associate agreement (BAA) with third parties that transmit and store PHI.