Engagement Model

TRANSITION METHODOLOGY

At an organization level, any outsourcing project would involve the tangible changes in structure, processes, technology, and culture that the organization would go through to go from the current state to the desired future state. At the individual level, it would involve the processes needed for the individuals to adjust to the new way of working.

Our structured approach to outsourcing & consistent track record of successful execution has helped us build credibility and a position as "your most preferred outsourcing partner".

Our comprehensive methodology takes care of all three phases of the Outsourcing Services Transitioning; Pre- Transition, Transition and Post Transition/ Steady phase.

SMART - SPECIALIZED MIGRATION AND REVIEW TEAM

ARMFOX has a dedicated transition management team called SMART - Specialized Migration and Review Team. It is an experienced Transition Team comprising of multidisciplinary expertise in Operations, Quality & Information Technology and trained in Business Process Transition and Project Management to help integrate all aspects of the outsourcing solution. The team is capable of analyzing outsourcing potential and advising risk mitigation strategies. This expertise of the core team combined with relevant experience and skills help ARMFOX always deliver best-fit transition solution.

POST IMPLEMENTATION EVALUATION REPORT (PIER)

A Post Implementation Evaluation Report (PIER) documents the successes and failures of the project. It provides a historical record of the planned and actual budget and schedule. Other selected metrics on the project can also be collected, based upon organization procedures. The report also contains recommendations for other projects of similar size and scope.

Contents of PIER are:

• Initial Evaluation and Management specialized

• Independent Medical Evaluation

• History and Physical Examination Reports

• Consultation

• Operative Notes

• Progress Notes

• SOAP Notes

• Discharge Summary

• Pathology Report

SECURITY & CONFIDENTIALITY

We take all compliance related concerns of our customers very seriously and we address them proactively. Our delivery center houses the most technologically advanced infrastructure to handle data security issues. Here is how we go beyond the basics measures:

Data Confidentiality

• In view of the sensitivity associated with the Healthcare Information, all our teams work on fully locked down dumb terminal PC's which don't have a floppy drive, CD drive or a USB port.

• The teams have restricted remote access to the client’s software applications and tools enabling them to do the work required to accomplish the required services only in a secure manner. Specific client networks are physically isolated and have dedicated firewalls into the client’s network for an additional security.

Network Security

• Full-time in-house security team dedicated to monitoring hacker sites, assessing possible threats. This team ensures Physical security, network security, applications, desktop and voice and data security, Centralized control over enterprise resources, change control, access control and configuration management for minimum disruption in customer service delivery. Rigorous round the year audits are conducted to evaluate threats and develop and implement the relevant counter.

Physical Security

• In our delivery center, no one is allowed in without screening and no one is allowed to bring in or take any information capture devices including mobile phones and cameras. The facility is truly locked down with access only to authorized individuals in client specific areas protected by card readers and secure access systems. A 24x7 security force physically guards the facility against any unauthorized access.

100% HIPAA Compliant

• We are committed to achieving and maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. As your trustworthy partner in the chain of carrying patient health information, we have in place specific technical and physical security features for our data system, including identification of authorized users, control of system access, data integrity, and backup/recovery to ensure availability and reliability.

• In compliance with HIPAA, security is maintained using a combination of authorized mechanisms and secure socket layer protocol.

Authentication

• Authentication is ensured through the efficient use of passwords to establish user identity. Access to our proprietary workflow and distribution system is granted only after authentication.

Integrity

• Data, program, system, and network integrity play a role in ensuring that information is exchanged only in an authorized manner.

Audit Trial

• Complete logging of all modifications made to each and every document including the name of the editor, editor's role, and time of edit.

System Security Monitoring

• Monitoring of activities occurring in our system to prevent and/or detect any breach.

Data Storage and Transmission Features

• Secure physical storage of all data and secure transmission. This includes constant surveillance by network experts, premises protected by security guards, and securely encrypted transmission between ARMFOX and its clients.

Confidentiality Agreements

• We restrict access to all confidential information. Only select employees may access the system for administrative and support purposes. These employees are very limited in number and are committed to the ARMFOX privacy and security policies. ARMFOX signs a Confidentiality Agreement with each of our employees and our customers. This clause outlives the life of the contract itself.

HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a significant health care reform law that passed Congress in 1996. The law has its roots in the Clinton Health Reform proposal, and its primary purpose was to provide better access to health insurance as well as to toughen the law concerning healthcare billing fraud. There are other corollary sections of the law related to administrative simplification and privacy of protected health information that has far-reaching effects for Providers, Payers, Managed Care Organizations, their business associates, and any entity storing, processing, and transmitting healthcare information.

HIPAA amends the Internal Revenue Code of 1986 by:

• Improving portability and continuity of health insurance coverage in the group and individual markets

• Combating fraud, waste, and abuse in health insurance and healthcare delivery

• Promoting the use of medical savings accounts

• Improving access to long-term care services and coverage

• Simplifying the administration of health insurance

In addition, the Act includes provisions for improving and monitoring the security and confidentiality of any records containing health plan member and patient information. In 1998, the Department of Health and Human Services (HHS) proposed, as part of these HIPAA provisions, a Nation Standard Provider Identifier (NPI), a National Standard Employer Identifier and security standards for electronic health data.

The Administrative Simplification rules of HIPAA are intended to improve efficiency in healthcare delivery through standardized, electronic transmission of many administrative and financial transactions as well as protection of confidential health information.

HIPAA Readiness

We take all compliance related concerns of our customers very seriously and we address them proactively. Our delivery centers house the most technologically advanced infrastructure to handle data security issues. Here is how we go beyond the basics.

Data Confidentiality

In view of the sensitivity associated with the Healthcare Information, all our teams work on fully locked down dumb terminal PCs which don't have a floppy drive, CD drive or a USB port. No process executive has an email access and there is no movement of data across the globe.

The teams have restricted remote access to the client's software applications and tools enabling them to do the work required to accomplish the required services only in a secure manner. Specific client networks are physically isolated and have dedicated firewalls into the client's network for an additional security.

Physical Security

In our delivery center, no one is allowed in without screening and no one is allowed to bring in or take any information capture devices including mobile phones and cameras. The facility is truly locked down with access only to authorized individuals in client specific areas protected by card readers and biometric technology enabled protected access systems. A 24x7 security force physically guards the facility against any unauthorized access.

Employee Hiring & Background Checks

Our HR department conducts extensive background checks on all new employees prior to our "employee confirmation process." Once confirmed, employees can access our system only with valid logins and passwords. Furthermore, access to sensitive information is on a "need to know basis" and we constantly keep watch to prevent any of our clients' data from being accessed except by authorized employees. In addition, all our employees receive confidentiality training (as required by HIPAA) and must sign confidentiality agreements.