MEDICARE DSH
DSHRIP | Medicare Disproportionate Share (DSH) Revenue Improvement Program
INFORMATION SAFEGUARDS
GDS Data & Information Systems Security
Partnering with a diversified mix of Health Systems, independent hospitals, consulting entities, sophisticated technical solutions, and government entities lends itself to very high security requirements for GDS’s data, information, and technology systems. We expect nothing less from ourselves and treat all our data as if it belonged to our own GDS family.
We have passed numerous security pre-requisites upon request from our clients including an array of third-party requirements such as KY3P® from HIS Markit®. We look forward to continuing our history of staying ahead of our clients’ needs for GDS to be a secure, reliable partner.
All data exchanges with GDS are made via secure connections using end-to-end encryption.
The greatest protection at GDS derives from a set of clear and long-standing CONTROLS for our vastly experienced staff augmented by revisions to these controls as the industry evolves and new technology is relevant. This has resulted in a history of habitual well-informed actions.
GDS has also been AICPA SOC 2® Type 2 certified since 2019. The annual certification process is robust, includes penetration testing and vulnerability testing, and is a leading industry method to report on and challenge the design, operations, and effectiveness of controls for a service organization.
These certified controls promote the success and achievement of GDS’s philosophy. This philosophy includes: “Data Loss Prevention”, “Data at Rest & Data in Motion Encryption Standards”, “Third Party End Point Protection”, “Closed Network Concepts”, “Robust Partitions”, “Third Party Antivirus & Antispyware Tools”, “Server/Network/Firewall/Internet Log Gathering”, “Third Party Enhanced Central Prioritized Monitoring/Reporting”, “Hard Drive Encryption” and “Strategic External Professional Consultation”, “24/7/365 Security Operations Center”.
GDS maintains a monitored key card locked secure facility for onsite employees requiring special access for any guest. Additional and separate physical key lock mechanisms on physical IT infrastructure serve to physically partition such assets within the key card locked secure facility. This infrastructure is specifically climate controlled, fire protected/detected, and monitored.
All intake and outflow of Protected Health Information (PHI) is handled via our DigiCert® certified multi factor authentication enabled website. In the modern and COVID impacted work from home environment, the adaptation of our End Point Protection solution is critical and allows management to limit, stop, monitor, and analyze data flow according to GDS policy and controls.