Security

WORKING WITH GRAYBILL CONSULTANTS…A BETTER & SAFER WAY TO DO BUSINESS

We keep your information secure.  Period.  Being at the forefront of technologies and industry developments allows us to offer the utmost protection to you, your company – and your employees.  Of course, this also means we don’t do business as usual:

For starters, your data will be stored on state-of-the-art, web-based employee benefits and enrollment platforms.

Each of these platforms has undergone rigorous evaluations by our own experts, in addition to passing all of the HIPAA and HITECH security provisions.  All your information is thus stored electronically, securely – and you won’t have to store or shred another loose piece of paper with Protected Health Information (PHI) ever again.

In addition, we will ask that all employee information containing any PHI not be sent by email.  Email has ceased to be a secure method to transmit sensitive data a long time ago – and, yes, this includes all the various types of encrypted email protocols.

Instead, we will request all employee and other sensitive company information to be transmitted via a secure “lock box”.  It looks like this:

You will be given your own personal link to Graybill Consultants to a “lock box” that contains only YOUR company and employee information.  The only people with access to this lock box will be you, people of your choosing, and the Graybill team servicing your account

SECURITY PROTOCOLS

Data security is one of the cornerstones of the Graybill Consultants process. 

First,

all of your groups will be housed on state of the art, web based, employee benefits administration and enrollment platforms.  These platforms have passed all of our rigorous evaluations as well as all of the HIPPA, ERISA and HITECH security provisions.  This will secure private information electronically as well as help prevent loose pieces of paper with Protected Health Information (PHI) from having to be stored, redacted, or destroyed.

Second,

we implement a secure “lock box”, Synced Tool System for the transmission of confidential employee and sensitive company information.  Each company administrator who needs to access this system is given their own personal access, which can be revoked instantly if required.  Access to the lock box is restricted to authorized company personnel, and the members of the Graybill Consultants team assigned to the management of that particular client.

HERE ARE SOME OF THE SECURITY PROTOCOLS WE USE TO SAFEKEEP YOUR DATA:

  1. SYNCED TOOL

    …a core component of the Anchor platform, Synced Tool keeps your information confidential by

  • encrypting all data on the agent as it is transferred to the server using a 448-bit Blowfish encryption algorithm over SSL
  • allowing to remotely wipe Anchor data from machines
  • never storing passwords or confidential information in plain-text
  • SSAE16 and SAS-70 Type II compliant datacenteryOPUR
  • enforcing password complexity requirements across the Anchor system
  1. BENEFITS ADMINISTRATION PLATFORM

    …a state-of-the-art technology system we use in the online administration and management of your  

    benefits program to meet and exceed the security requirements of HIPPA and of the HITECH Act.

 Specifically, data is secured via the following method:

  • The infrastructure is hosted at Sungard, a Tier-1 hosting provider, in U.S. facilities with multi-layer protection and ISO-9001 certification
  • Sensitive data such as user passwords are encrypted through hash and salt iteration
  • All web content is delivered via 128-bit symmetric key and 2048-bit asymmetric key and EDI files are delivered via SFTP with 256-bit AES encryption
  • All data is backed up in near real-time to an offsite location in the U.S. to ensure that your data is preserved, even in the event of a disaster
  • 24/7 threat monitoring solutions to detect any intrusion attempt at any time
  • Our systems undergo rigorous annual vulnerability testing by independent 3rd party security firms to identify potential risks
  • All systems have SSAE-16 Audit Type II SOC I by an independent 3rd party auditor