Who is accessing or changing sensitive data such as protected health information (PHI) or financial transactions in your benefits administration system? If a suspicious transaction occurs, will you be able to easily track who made changes to the affected systems?

The answers to these questions are central to protecting your participant and employer data and avoiding potential penalties under federal regulations like the HIPAA Security Rule and HIPAA HiTECH. Bridgeway is making compliance easier and helping you avoid these costly fines with Secure Enhanced Audit Logging (SEAL), an enhancement to our core benefits administration suites that helps you effectively track, view and report on the who, what and when of changes to your system data.

SEAL captures the date and time of each change, a snapshot comparing the original data with the changed data, the name of the operator/system user who made the change, and a reason code where available. You’ll be able to track most BASYS Platform system data fields, and view audit trail information with a new feature that allows you to easily access and find tracked system changes with a quick search. Run reports on a targeted slice of audit trail results, or run a comprehensive report on all changes in a specific timeframe or system area. Only users you authorize will have access to audit set-up and results, as you determine user profile and roles authorization.

SEAL comes with Bridgeway consulting that includes best practices for what and when to audit, how to monitor changes, and recommendations for retention, purging and archiving audit data.

Protect your sensitive data, avoid costly regulatory penalties and improve your peace of mind about the security and compliance of your BASYS Platform system – equip yourself with the tools and best practices that come with SEAL from Bridgeway.

Cybersecurity Awareness FAQ

Ready to survive a compliance audit?
Test your awareness of these data security best practices.

Three fundamental data security principles: Confidentiality, Integrity, Availability. Information is considered sensitive if the loss of its Confidentiality, Integrity or Availability could have a severe adverse effect on organizational operations, assets or individuals.

A cybersecurity framework, which is often used as a baseline to assess and improve your security readiness. The National Institute of Standards and Technology (NIST) offers a CSF that is used by many organizations.

HIPAA HiTECH stands for Health Information Technology for Economic and Clinical Health. It’s the standard used to measure how well you protect members’ Protected Health Information (PHI).

Everyone who accesses your sensitive data should be authenticated. Best practices call for defining security roles and responsibilities and limiting access to those who have a legitimate need to view or change the data. Be particularly mindful of access by new hires and terminated employees, vendors, and those with remote access that may be unwittingly compromised.

Be sure you’re paying attention to software security patches. You’ll also want routine vulnerability scanning and remediation, server hardening, a robust firewall that is proactively managed, regular anti-virus and anti-malware scanning, server monitoring and intrusion detection alerts, and regular penetration testing by a trusted third-party vendor. Customers with Bridgeway hosted applications already receive these protections.

With audit logging, you can track who is reading, writing, modifying or deleting records within your system. Audit logs provide an historical record of your data over time so that changes are evident. Changes can be tracked at the operating system level or application level, but database-level auditing is best for capturing all critical audit data.
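
A minimal sketch of database-level auditing as described above, recording the date and time, the operator, a reason code and the old and new value of each changed field. It is an added example, not Bridgeway's SEAL code: SQLite stands in for the production database, and the `participant` and `session_ctx` tables, the operator name and the reason code are constructed assumptions.

```python
import sqlite3

AUDIT_DDL = """
CREATE TABLE session_ctx (operator TEXT NOT NULL, reason_code TEXT);
CREATE TABLE audit_log (
    audit_id    INTEGER PRIMARY KEY AUTOINCREMENT,
    changed_at  TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now')),
    operator    TEXT NOT NULL,   -- NOT NULL makes an unattributed change fail
    reason_code TEXT,
    table_name  TEXT NOT NULL, row_id INTEGER NOT NULL, field TEXT NOT NULL,
    old_value   TEXT, new_value TEXT);
-- The trail itself is append-only: edits and deletes are rejected.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

def install_audit(conn, table, columns):
    """Create one AFTER UPDATE trigger per audited column of `table`."""
    for col in columns:  # identifiers come from code, never from user input
        conn.execute(f"""
            CREATE TRIGGER audit_{table}_{col} AFTER UPDATE OF {col} ON {table}
            WHEN OLD.{col} IS NOT NEW.{col}
            BEGIN
                INSERT INTO audit_log
                    (operator, reason_code, table_name, row_id, field, old_value, new_value)
                VALUES ((SELECT operator FROM session_ctx),
                        (SELECT reason_code FROM session_ctx),
                        '{table}', OLD.id, '{col}', OLD.{col}, NEW.{col});
            END""")

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(AUDIT_DDL)
    conn.execute("CREATE TABLE participant (id INTEGER PRIMARY KEY, name TEXT, plan TEXT)")
    install_audit(conn, "participant", ["name", "plan"])
    conn.execute("INSERT INTO participant VALUES (1, 'Pat Doe', 'PLAN-A')")  # constructed row
    try:  # no operator recorded for this session: the change is refused
        conn.execute("UPDATE participant SET plan = 'PLAN-B' WHERE id = 1")
        unattributed_blocked = False
    except sqlite3.IntegrityError:
        unattributed_blocked = True
    conn.execute("INSERT INTO session_ctx VALUES ('jsmith', 'ENROLL-CHG')")
    conn.execute("UPDATE participant SET plan = 'PLAN-B' WHERE id = 1")
    trail = conn.execute("SELECT operator, reason_code, field, old_value, new_value"
                         " FROM audit_log").fetchall()
    return unattributed_blocked, trail, conn
```

Triggers of this kind record writes only; tracking who reads a record needs the database engine's own audit facility or application-level logging.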

Since logging and archiving great volumes of data can create speed and storage issues, it’s critical to know what’s worth tracking for compliance audit purposes, how and how long to archive tracked data, how to project and manage your disk space requirements and how to secure the logged data. SEAL comes with Bridgeway expert consulting services to help you balance security and resource management.

The National Institute of Standards and Technology (NIST) has issued guidelines to help those who handle sensitive information to track and manage it wisely. You can download free information from their website or ask your Bridgeway Customer Experience Manager to connect you with resources who can help.

SOC or Service Organization Control audits give you peace of mind that vendors who access your data are handling it under the highest security standards. Stringent third-party audits are required for an organization to achieve SOC 2 certification, and SOC 2 Type II means the organization has been certified as meeting those standards over a substantial time – generally one year. Bridgeway undergoes this testing annually to offer Taft-Hartley’s first SOC 2 Type II certified application hosting.