HIPAA COMPLIANCE STATEMENT

Updated January 1, 2020

Elk Grove Graphics (EGG) is committed to ensuring that its devices, services, websites and data systems (collectively "Products") are compliant with the regulations and conditions set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and has implemented many safeguards to that end. EGG has implemented policies, processes, and procedures designed to ensure compliance with Federal and State information security laws, regulations, and rules. EGG also monitors ongoing compliance efforts and maintains various reporting mechanisms that are required by law or requested by its customers.

EGG recognizes that it is a key business partner with its customers and will continue to provide all of its various programs and services in accordance with the relevant requirements of all state and federal laws and regulations, including, as applicable, HIPAA.

We are committed to continuous improvement to ensure EGG Products incorporate state-of-the-art information technology privacy and security measures.

We are committed to keeping all PHI (Protected Health Information) that is entrusted to us private and secure. We have instituted policies and procedures to ensure this data is kept confidential, including, but not limited to, the following:

Administrative Safeguards

Security is a top priority for us at Elk Grove Graphics; therefore, access to patient data is strictly controlled. All employees are required to sign a confidentiality agreement as a condition of their employment. Additionally, EGG has initiated formal practices to assign appropriate personnel access to data, and procedures are in place to govern the proper movement and handling of that data.

Physical Safeguards

EGG and its data center are physically secure. Access to the building and to the offices is independently controlled via card access at each level, preventing walk-up intrusion, especially after hours. EGG's entire network infrastructure data center is in a secured and locked internal facility. The primary hosting location is in Elk Grove Village, Illinois and uses extensive data protection measures.

Technical Safeguards

To further protect sensitive data, EGG enforces a unique software architecture that includes user identification, various forms of database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates, and increasing measures to provide better data integrity and encryption.

Questions regarding EGG's HIPAA policies or compliance may be directed to:

Elk Grove Graphics
Attn: HIPAA Compliance Officer
1200 Chase Avenue
Elk Grove Village, IL  60007

service@elkgrovegraphics.com


SOC II Type 1 Certification Statement

Updated January 1, 2020

Elk Grove Graphics is a SOC II Type 1 certified company, as verified by independent, third-party auditors.

What is SOC II Certification?

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five "trust service principles"—security, availability, processing integrity, confidentiality and privacy.

SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a provider.

SOC 2 certification is issued by outside auditors. They assess the extent to which a vendor complies with one or more of the five trust principles based on the systems and processes in place.

Type I describes a vendor's systems and whether their design is suitable to meet relevant trust principles.