Security Policy

BMI Audit Services is dedicated to protecting the privacy and security of your Protected Health Information (PHI) and Personally Identifiable Information (PII). We have a number of internal and external policies and practices in place to help safeguard this sensitive data. We keep your oral, written, and electronic PHI/PII safe using physical, electronic, and procedural means in addition to our extensive insurance coverage.

BMI is a certified SOC 2 service organization as defined by the AICPA. – aicpa.org/soc

Physical Security

BMI is located at a facility that maintains restricted off-hours access. Additionally, the offices of BMI are protected by a 24/7 security and alarm system maintained by a leading provider of security monitoring services.

  • Access to the BMI offices is controlled electronically through a keypad access system; only authorized BMI personnel have accounts to gain entry.
  • Our computer and phone equipment are secured in a locked and restricted area.
  • BMI utilizes a leading provider for secure document shredding: any physical printouts containing PHI/PII data are either destroyed using this service or stored securely on-site.

Information Technology Safeguards

  • All PHI/PII data is stored on our central servers and raw data files are encrypted using AES-256 encryption technology. In addition, laptop computers used by BMI personnel are password-protected at the hard drive level; any data residing on a laptop’s hard drive cannot be accessed without the appropriate password even if that hard drive is placed in a different computer.
  • Only authorized BMI personnel have accounts to gain access to our servers. A strong, complex password policy is employed by our server software.
  • Backups are performed on a 24/7 basis. Data that is backed up is first encrypted using AES encryption technology and then delivered to a remote location electronically for Business Continuity purposes.
  • Remote access to the BMI network and servers is controlled using state-of-the-art firewall and SSL networking technology.

Procedural Safeguards

  • All BMI personnel undergo an extensive background check prior to employment.
  • Ongoing training is provided on privacy and security issues that arise in a fast-changing external data security environment.
  • Extensive Insurance Coverage: Cyber liability insurance coverage including errors and omissions, data privacy and network security liability, internet and electronic media liability, professional services liability, business interruption, cyber extortion, data and identity theft, intellectual property, and expenses related to responding to a privacy event.