QS/1's Keys to Security: Business Security

QS/1’s Data Center

QS/1 is recognized by Electronic Healthcare Network Accreditation Commission (EHNAC), which means it meets regulatory compliance with HIPAA, HITECH, ARRA and the Affordable Healthcare Act. The standards organization is designed to improve transactional quality, operational efficiency and data security in healthcare and represents electronic health networks, payers, hospitals, physicians, consumer groups, state regulators, security organizations and vendors. QS/1 is also certified with ePAP for e-Prescribing Networks and HNAP EHN for clearinghouse health networks. Our Data Center houses systems and networks that support QS/1's internal operations and external services, including prescription insurance claim processing, e-Prescribing transactions, payment-card processing and cloud-based application hosting. QS/1's Data Center’s prescription insurance and e-Prescribing services are EHNAC HNAP and ePAP accredited. The Data Center houses a Level 1 Payment Gateway and is PCI-DSS certified for the following services: Clearing &Settlement, Payment Gateway/Switch, Payment Processing-Internet, Payment Processing-Point-of-Sale and Tax/Government Payments.

Helpful links:
EHNAC information
Data Center


HIPAA

QS/1 has a comprehensive Health Insurance Portability and Accountability Act (HIPAA) Compliance Program that addresses issues concerning the privacy and security of protected health information (PHI) as mandated by the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) and the Omnibus Final Rule of 2013 (collectively defined as HIPAA). QS/1 systems, software and networks are Health Insurance Portability and Accountability Act (HIPAA) compliant based on today’s standards. QS/1 closely monitors both the National Council for Prescription Drug Programs (NCPDP) and the ANSI standards and strictly follows their standards and guidelines.

Helpful links:
HIPAA information
QS/1 and HIPAA compliance
QS/1 Statement of HIPAA Compliance


PCI Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. QS/1 takes its commitment to customers and the industry seriously and obtains yearly certifications for the industry standard. QS/1 is a Level 1 merchant and currently certified for Version 3.2. QS/1’s PCI compliance is audited by Trustwave®. QS/1 also obtains yearly certifications for Payment Application Data Security Standard (PA-DSS). In addition to certification for processing the new chip-and-pin cards using the current EMV standards, it also includes the use of end-to-end encryption (E2EE) for transmissions of card data along with tokenization for customers who must store credit card data for recurring charges.

Helpful links:
PCI-DSS Webinar
QS/1 PCI-DSS Acknowledgement


QS/1’s PowerLine™

PowerLine was developed by QS/1 and processes more than a million prescription transactions daily. It is one of the industry's top three prescription processing switches.

Helpful links:
PowerLine plan information


Electronic Prescribing of Controlled Substances

QS/1’s Electronic Prescribing of Controlled Substances (EPCS) provides electronic communications between prescribers and pharmacies to generate, transmit and fill prescriptions for Schedule II, III, IV and V controlled-substance prescriptions. It secures electronic record keeping, which reduces fraud and abuse and offers software certified by Surescripts®, eRx Network® and the Drug Enforcement Administration (DEA).

Helpful links:
QS/1’s EPCS
Enroll in EPCS


Back-Up and Disaster-Recovery Services

It is crucial to have a solid disaster recovery partner. QS/1 offers several solutions to help protect your operation and get you back in business as quickly as possible in the event of a natural or man-made disaster. We protect your data by storing it in two separate, secure ASP cloud-based locations. Backups are transmitted using the government-certified FIPS 140-2 AES algorithm, and a daily confirmation email is sent after the backup is complete to ensure you know your data is safe. Recovery service includes equipment replacement, data reloading and system configuration and testing. QS/1 also offers ShadowProtect® local back-up solution through StorageCraft®. It encrypts back-up data with industry standard AES 256-bit encryption and provides an alert notification message that displays the back-up status on the desktop. It works on existing hardware. For more information or to enroll, contact QS/1 Upgrades at 800.845.7558, ext. 1412.

Helpful links:
QS/1’s Remote Backup service
Remote Backup FAQ
ShadowProtect by StorageCraft