Compliance

We are committed to protecting employee, company, and partner information.

Our technology-driven, flexible health care solutions ensure employers can meet the medical needs and compliance issues of their employees, anywhere in the world.

As a company, Comprehensive Health Services takes compliance issues extremely seriously, assuring clients and partners that we comply with all government and industry standards.

We are compliant with Federal Acquisition Regulations (FAR), Defense Federal Acquisition Regulations (DFAR), Department of State Acquisition Regulation (DoSAR), International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR), Occupational Safety and Health Administration (OSHA) regulations, Trafficking-in-Persons, Foreign Corrupt Practices Act (FCPA), Fair Labor Standards Act (FLSA) and Department of Labor (DOL) regulations.

Federal Government

Because we track every exam conducted by our network, we can document exactly how much of a contract is spent with small, minority-owned, service-disabled veteran, or woman-owned businesses, and comply with related requirements.

Financial

We use industry-standard accounting software and are fully compliant with Defense Contract Audit Agency (DCAA) and government costing methods.

Data Center

Our systems reside in a secure data center that is SOC-1 Type II and SOC-2 Type II Certified, a certification recognized worldwide as one of the strictest audit standards for service providers. SOC focuses on organization and management, communications, risk management, design and implementation of controls, monitoring of controls, logical and physical access controls, system operations, and change management.

Communication Encryption and Safeguard

We use an industry-leading data loss prevention and encryption service to stay ahead of and significantly diminish security risks. We also use AES 256-bit encryption to protect our data at rest in our production, test, and application development environments.

Specifically, we use an encryption tool to safely and securely send and receive protected information via email. Recipients are able to receive and reply to our emails almost effortlessly and without the use of complicated procedures.

Patient, Partner, and Client Privacy (Information Security and the Health Insurance Portability and Accountability Act)

We are committed to protecting our employees', company's and partners' Individually Identifiable Health Information/Protected Health Information (PHI), Personally Identifiable Information (PII), and confidential and proprietary information from intentional and unintentional data breaches or improper use. 

Through the use of administrative, physical, and technical safeguards, paired with continuous training, we assure the confidentiality, integrity, and availability of the protected information. 

We follow all appropriate state privacy laws and regulations, and adhere to applicable HIPAA Privacy Rule and HITECH Breach Notification Rule provisions.

For specific information about how CHSi uses and discloses protected health information, our duties to protect health information privacy, patient rights, and how to contact CHSi for more information or to make a complaint, click the links below to access our Notice of Privacy Practices.

Notice of Privacy Practices

Aviso de Practicas de Privacidad

Information Security and HIPAA Questions or Comments

For Information Security, HIPAA, or privacy-related questions, comments, or concerns, please contact our Privacy Office at:

Comprehensive Health Services Security
8810 Astronaut Boulevard
Cape Canaveral, FL 32920

Phone: 321-783-2720; 800-638-8083
Fax: 321-868-8505
Email: CHSi-Security@chsmedical.com