Compliance & Data Security at Sigma RCM

At Sigma RCM, we understand that the security of our clients' data is paramount. We are committed to maintaining the highest standards of regulatory compliance and data protection. Our comprehensive security measures and adherence to industry regulations ensure that our clients can trust us with their sensitive information. Below, we outline our compliance standards, data security practices, privacy policy, incident response procedures, and our commitment to continuous improvement.

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. At Sigma RCM, we are fully compliant with HIPAA regulations, ensuring that all health information is handled with the utmost care and confidentiality.

  • Administrative Safeguards: Regular risk assessments, staff training, and clear policies and procedures.
  • Physical Safeguards: Secure facilities, access controls, and protection of physical hardware.
  • Technical Safeguards: Encryption of data, secure access controls, and audit controls to monitor access and usage.

GDPR Compliance

The General Data Protection Regulation (GDPR) is a stringent data protection law that governs the privacy of individuals within the European Union. Sigma RCM adheres to GDPR standards, ensuring the lawful, fair, and transparent processing of personal data.

  • Lawfulness, Fairness, and Transparency: Clear privacy notices and obtaining explicit consent.
  • Data Minimization: Collecting only data that is necessary for specified purposes.
  • Rights of Individuals: Respecting rights to access, correct, delete, and port personal data.

Data Security Practices

Encryption

We use advanced encryption methods to protect data at rest and in transit, ensuring that sensitive information remains secure.

  • Data at Rest: AES-256 encryption for stored data.
  • Data in Transit: TLS (Transport Layer Security) for data being transmitted over the internet.

Access Controls

Access to sensitive data is strictly controlled through role-based access permissions, ensuring that only authorized personnel can access certain data.

  • Authentication: Multi-factor authentication for system access.
  • Authorization: Role-based access controls to limit data access based on job responsibilities.
  • Monitoring: Continuous monitoring and logging of access activities.

Network Security

Our network security measures include firewalls, intrusion detection / prevention systems (IDS/IPS), and regular security audits.

  • Firewalls: Multi-layered firewall protection to prevent unauthorized access.
  • IDS/IPS: Systems in place to detect and prevent potential security breaches.
  • Audits: Regular security audits and vulnerability assessments to identify and mitigate risks.

Data Backup & Recovery

We maintain regular data backups and have comprehensive disaster recovery plans to ensure the availability and integrity of client data.

  • Backups: Daily automated backups stored in secure, geographically dispersed locations.
  • Recovery Plans: Tested disaster recovery plans to quickly restore data in case of any incident.

Privacy Policy

Data Collection & Use

We collect only the necessary data required to provide our services and ensure it is processed lawfully, fairly, and transparently.

  • Types of Data: Personal identification information, health records, financial information.
  • Purpose: To provide RCM services, comply with legal obligations, and improve our services.
  • Legal Basis: Obtaining explicit consent from data subjects and ensuring compliance with relevant laws.

Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required by law.

  • Retention Periods: Specific retention periods based on data type and regulatory requirements.
  • Deletion Procedures: Secure deletion methods for data that is no longer needed.

Sigma RCM is dedicated to maintaining the highest standards of security and regulatory compliance. Our comprehensive measures ensure that our clients' data is protected at all times. For more information about our compliance and security practices, please contact us at compliance@sigmarcm.com or +1 (408) 600-1326.
