PGBA’s commitment to compliance is so fundamental to our organization that we have a dedicated compliance division, independent of business operations. This single-minded focus ensures that we comply fully with all required standards, rules and regulations in developing the highest-quality tailored solutions for our customers. We work collaboratively to formulate and establish performance standards that meet customers’ specific expectations, as well as our own benchmarks for quality and accuracy.
Our robust compliance program provides up-to-the-minute guidance regarding the protection of our customer’s protected health information (PHI). Our program is HIPAA (Health Insurance Portability and Accountability Act) compliant, and directs our company and customers to “always do the right thing.”
Standards, Clearances and Frameworks
PGBA complies with National Institute of Standards and Technology (NIST) 800-171 and understands the impact of security procedures and documentation. We meet regularly with the government to review system integration, implementation and testing concerns, and we carefully monitor evolving information systems security requirements and policies.
PGBA requires all HIPAA-trained employees who perform work on federal contracts to obtain ADP-II (Automated Data Processing-II) clearance (through the Office of Personnel Management). As required, PGBA is able to seamlessly transition vetted staff to contracts — ensuring background security investigations are completed expeditiously.
We follow the DoD architecture framework used to support interoperating and interacting DoD components. We interface with government systems such as Defense Eligibility Enrollment Reporting System (DEERS) and TRICARE Encounter Data (TED) through government-tested and approved networks.
Education and Accountability
PGBA’s compliance team holds frequent training sessions and conducts audits and reviews to ensure all personnel’s knowledge is up-to-date. We foster an environment where employees feel empowered to address compliance issues through multiple internal channels. Additionally, we make a separately contracted hotline available to all HIPAA-compliant employees, allowing them to quickly (and if desired, anonymously) report any suspected instances of non-compliance.