Skip to main content

Compliance

We are committed to protecting employee, company, and partner information.

Our technology-driven, flexible health care solutions ensure employers can meet the medical needs and compliance issues of their employees, anywhere in the world.

As a company, Comprehensive Health Services takes compliance issues extremely seriously, assuring clients and partners that we comply with all government and industry standards.

We are compliant with Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulations (DFAR), Department of State Acquisition Regulation (DoSAR), International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR), Occupational Safety and Health Administration (OSHA) regulations, Trafficking-in-Persons, Foreign Corrupt Practices Act (FCPA), Fair Labor Standards Act (FLSA) and Department of Labor (DOL) regulations.

Federal Government

Because we track every exam conducted by our network, we can document exactly how much of a contract is spent with small, minority-owned, service-disabled veteran, or woman-owned businesses, and comply with related requirements.

Financial

We use an industry-standard accounting software and are fully compliant with Defense Contract Audit Agency (DCAA) and government costing methods.

Data Center

Our systems reside in a secure data center that is SOC-1 Type II and SOC-2 Type II Certified, a certification recognized worldwide as one of the strictest audit standards for service providers. SOC focuses on organization and management, communications, risk management, design and implementation of controls, monitoring of controls, logical and physical access controls, system operations, and change management.

Patient, Partner, and Client Privacy (Information Security and the Health Insurance Portability and Accountability Act)

We are committed to protecting our employees', company's and partners' Individually Identifiable Health Information/Protected Health Information (PHI), Personally Identifiable Information (PII), and confidential and proprietary information from intentional and unintentional data breaches or improper use. 

Through the use of administrative, physical, and technical safeguards, paired with continuous training, we assure the confidentiality, integrity, and availability of the protected information. 

We follow all appropriate state privacy laws and regulations, and adhere to applicable HIPAA Privacy Rule, HIPAA Security Rule, and HITEC Breach Notification Rule provisions. 

Communication Encryption and Safeguard

We use an industry-leading data loss prevention and encryption service to stay ahead of and significantly diminish security risks. We also use AES 256-bit encryption to protect our data at rest in our production, test, and application development environments.

Specifically, we use an encryption tool to safely and securely send and receive protected information via email. Recipients are able to receive and reply to our emails almost effortlessly and without the use of complicated procedures.

Information Security and HIPAA Questions or Comments

For Information Security, HIPAA, or privacy-related questions, comments, or concerns, please contact us at:

Comprehensive Health Services Security
8810 Astronaut Boulevard
Cape Canaveral, FL 32920

Phone: 321-783-2720; 800-638-8083
Fax: 321-868-8505
Email: InformationSecurity@chsmedical.com