Brightree Responsibilities for Security
Brightree is responsible for doing certain things to help maintain the security of Customer data and of the Brightree System, including:
Complying with its contractual obligations — Brightree executes a Business Solutions Provider Agreement (the “BSP Agreement”) with each customer that provides for the protection of Proprietary Information and includes a Business Associate Addendum to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended. Brightree will comply with its obligations under contract and at law.
Maintaining secure and confidential passwords — Brightree has protocols related to passwords and confidentiality that it will maintain and enforce.
Periodically reviewing access — Brightree has protocols to monitor access to its systems that it will maintain and enforce.
Disabling access to the Brightree application — Brightree has protocols related to review of access by its employees and by third parties that it will maintain and enforce.
Monitoring — Brightree monitors its systems for security purposes and will continue to do so.
Providing for its customers to maintaining security configurations — Brightree knows that security is a two way street and your data is best secured when both you and we are watching it. Brightree will continue to allow you to configure the system yourself for security and other purposes.
Protecting its systems and equipment against infection by computer viruses, malicious codes and unauthorized software — Brightree protects its systems and equipment from computer viruses, malicious codes and unauthorized software with its policies and processes, and will continue to do so.
Customer Responsibilities For Security
Brightree Customers are responsible for doing certain things to help maintain the security of their data and of the Brightree System. All customers should be doing each of the following:
Understanding and complying with their contractual obligations — You have executed a Business Solutions Provider Agreement (the “BSP Agreement”) with Brightree that provides for the protection of Proprietary Information and includes a Business Associate Addendum. You should familiarize yourself with the terms of that Agreement and with the provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended.
Maintaining secure and confidential passwords — Your passwords are the gateway to the Brightree system and your database within that system. Secure and confidential passwords will prevent unwanted persons from seeing your data.
Periodically reviewing your active User accounts — You should make sure that you review the persons to which you have given access to the Brightree system on a regular basis to make sure that no unwanted persons have access rights.
Disabling access to the Brightree application for terminated employees or persons for whom you have granted access to the Brightree system but that you no longer want to allow access to — The Brightree BSP Agreement only allows access to the Brightree System to “Users”, who are employees of our Licensees that are authorized to utilize the Brightree System. No matter what you think about a person that you no longer employ or that you used to let into your Brightree database, once they no longer work for you you should immediately remove their access to the Brightree System. Not only is the data in your database important to you as you run your business, you are legally obligated to protect it. Ex-employees or contractors can become competitors, or worse.
Immediately notifying Brightree of any actual or suspected data breaches, including compromised user accounts — Brightree can only help you respond to an issue if it knows there is an issue.
Maintaining your own configurations for security and access controls within the Brightree Solution — Brightree allows you to configure many access controls yourself for security purposes. We strongly recommend that you take advantage of that ability.
Notifying Brightree of changes made to administrative or technical contact information — For your protection, Brightree wants to communicate with persons that you authorize or have told us you trust. If you don’t keep us updated as to whom those people are, or what roles they currently fill in your organization we may provide information to a person that no longer fills a role that might entitle them to that information.
Protecting your equipment against infection by computer viruses, malicious codes and unauthorized software — There are many ways for your data to be compromised on your computer or internet access point. Brightree uses sophisticated systems to protect the Brightree system. You should take measures to protect yourself and your computers.
Ensuring the supervision, management and control of the use of the Brightree software by your personnel — Your employees that you authorize to access the Brightree system will have the ability to enter and manipulate information, run reports and do the things that authorized Users can do. Please manage them accordingly.