Compliance

Vezita Healthcare is committed to protecting the Confidentiality, Integrity, and Availability of assets belonging to the company, customers, suppliers, and vendors from threats, and to complying with legal, regulatory, and contractual obligations by following a risk-based approach, which is paramount in protecting the integrity of global operations to achieve customer delight.

Information Security Policy

The top priority of Vezita Health is to protect the Confidentiality, Integrity, and Availability of information assets belonging to the company, customers, suppliers, and vendors. A risk-based approach ensures compliance with legal, regulatory, and contractual requirements. This policy must be implemented to maintain the integrity of operations at Vezita Healthcare and to ensure customer satisfaction.

SSAE 16 Type II

Vezita Health ensures that operational effectiveness and controls are followed and adopted. To ensure regular assessment of risks associated with the processes and implementation of necessary controls, Vezita undergoes external assessments by qualified professionals. Vezita now meets SSAE 16 Type II standards.

Administrative Controls

Administrative controls of Vezita Healthcare include safeguarding information and computing resources from unauthorized access. Systems and procedures for physical access control are developed and implemented. These controls assure the protection of physical access to all business data, related application systems, operating systems software, and the systems holding these data and software from unauthorized or illegal access. The controls in place are adopted from the HIPAA SOA and ISO 27001 standards, and the best practices are incorporated across the organization, which in turn are assessed by both internal and external auditors (certification body).

Information Security Management

Vezita Healthcare considers information security management a key business responsibility shared by all members of the management team, led by the Chief Information Officer (CISO), who is assisted by the Information Security Manager (ISM) and the Global Information Security Forum (GISF) team. Vezita has been certified by an external certifying body as part of the ISO/IEC 27001 information security management framework.

Vezita Healthcare undertakes internal audits periodically to ensure compliance. The audits encompass all information assets, procedures, and documents, information technology security, employee security, physical and environmental security, incident management, business continuity management, disaster management, and contractual obligations.

HIPAA - Health Insurance Portability and Accountability Act of 1996

Vezita Healthcare is certified for HIPAA and has implemented HIPAA controls along with administrative, technical, and physical safeguards in the facility.

The compliance team and external certifying body conduct regular HIPAA audits on the premises and provide necessary awareness training to all its employees and third-party vendors.

All employees and third-party vendors sign Non-Disclosure Agreements when joining the organization. Failure to comply with compliance requirements will lead to disciplinary action.

Business Continuity Management

Vezita Healthcare's top priority is to operate effectively under adverse conditions, whether they are natural or man-made. In such situations, the safety of human life is the primary concern, followed by the restoration of critical business processes. Vezita has identified vulnerabilities and implemented controls to prevent prolonged outages of critical services. All three Vezita facilities are certified for information security and HIPAA compliance, and businesses can be redirected to alternate facilities at any time.