Protecting Partners, Members with Secure Solutions
Data breaches are becoming increasingly common, and the healthcare space is not immune.
At FEI, we know working with a new vendor requires a high level of trust that your programs and member data will be safe from security threats as you transition to, implement and use new platforms and solutions.
With FEI Systems, you can be confident your data meets industry conditions and standards for information security and client privacy. Our solutions comply with a large variety of federal and state laws, regulations, security standards, and corporate policies. Additionally, the Blue Compass platform is hosted in FEI’s Amazon Web Services (AWS) cloud, one of the most flexible and secure cloud computing environments today.
Managing and Mitigating Risk
FEI has earned the HITRUST CSF® certification status for information security, demonstrating our ability to meet key regulations and industry-defined requirements while appropriately managing risk. We are among an elite group of organizations worldwide that have earned this certification.
The HITRUST Certification is based off the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The NIST Special Publication (SP) 800-53 establishes the security and compliance requirements for all systems, interfaces, and connections between Affordable Care Act (ACA)-mandated health exchanges and marketplaces. The HITRUST Certification includes elements such as:
- HIPAA Security Rule
- PCI Medicaid
- Control Objectives for Information and Related Technology (COBIT)
- NIST Risk Management Framework
Supporting Partners with Regular Staff Training, QA
Key staff/core team members and all other FEI employees or consultants and contractors working on our projects attend and receive yearly HIPAA training. Further, as part of maintaining the HITRUST certification, FEI is formally assessed every two years by an independent assessor and internally assessed annually in-between the two-year cycle with the result being presented to HITRUST. The combination of FEI’s internal HITRUST certification and customer requirements provides due diligence to the fact that our security controls are continually assessed on an annual cycle.
Additionally, we have the following assessments conducted on an annual basis:
- SSAE 16 SOC 2 Type II: FEI hosts the solution in AWS, which conducts SSAE 16 SOC 2 Type II annual audits and is ISO 27000 and FEDRAMP certified.
- Penetration Testing: On no less than an annual basis, we engage an independent third party to perform both internal and external network penetration tests, activities that include physical and logical social engineering.
- Organizational IT Certifications: FEI has also earned CMMI ML3, ISO 20000 and ISO 9001:2015 (PMO only) certifications, which require annual third-party assessments and attest to the maturity of our information security program, systems development, and overall IT operations.
ONC Certified
Developer organization name: FEI Systems
Product name and version: WITS (Web Infrastructure for Treatment Services) v22
Unique certification number: 15.04.04.1479.WITS.22.02.1.220628
Date the product was certified: Oct 1, 2019
Certification criteria to which the product has been certified:
- 170.315 (a)(1, 2, 5-9, 11, 14)
- 170.315 (b)(1, 6)
- 170.315 (c)(1)
- 170.315 (d)(1-9)
- 170.315 (g)(3-9)
CQMs to which the product has been certified: CMS68v8: Documentation of Current Medications in the Medical Record
Any additional software the certified product relied upon to demonstrate its compliance with certification criteria:
- WITS has integrated with NewCropRX’s Electronic Prescribing solution.
- WITS has integrated with Updox’s version 2016.0 Direct Messaging solution.
ONC Disclaimer: “This Health IT Module is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.”
