SOC 2 Case Study

<Insert 1>

Management has developed and communicated to transportation providers, governments and managed care providers, treating facilities, and riders procedures to restrict logical access to the TMS. Changes to these procedures are performed annually and authorized by senior management. These procedures cover the following key security life cycle areas:

• Data classification (data at rest, in motion, and output)
• Categorization of information
• Assessment of the business impact resulting from proposed security approaches
• Selection, documentation, and implementation of security controls
• Performance of annual management self-assessments to assess security controls
• Authorization, changes to, and termination of information system access
• Monitoring security controls
• Management of access and roles
• Maintenance and support of the security system and necessary backup and offline storage
• Incident response
• Maintenance of restricted access to system configurations, super user functionality, master passwords, powerful utilities, and security devices (for example, firewalls)

<Insert 2>

XYZ designs its processes and procedures related to TMS to meet its objectives for its MT services. Those objectives are based on the service commitments that XYZ makes to user entities, the laws and regulations that govern the provision of MT services, and the financial, operational, and compliance requirements that XYZ has established for the services. The MT services of XYZ are subject to the security and privacy requirements of the Health Insurance Portability and Accountability Act Administrative Simplification, as amended, including relevant regulations, as well as state privacy security laws and regulations in the jurisdictions in which XYZ operates.

Security commitments to user entities are documented and communicated in Service Level Agreements (SLAs) and other customer agreements, as well as in the description of the service offering provided online. Security commitments are standardized and include, but are not limited to, the following:

• Security principles within the fundamental designs of the TMS that are designed to permit system users to access the information they need based on their role in the system while restricting them from accessing information not needed for their role
• Use of encryption technologies to protect customer data both at rest and in transit

<Insert 3>

XYZ Service Organization (XYZ) provides medical transportation (MT) services throughout the United States. The Company was founded in 19XX to provide MT services to Medicaid recipients.

XYZ’s core application, Transportation Management System (TMS), is a multiuser, transaction-based application suite that enables the processing and delivery of transportation and logistics services. The TMS enables processing of the following tasks related to MT trips:

• Capturing data for transportation providers, governments, and managed care providers (user entities), treating facilities, and riders
• Determining rider eligibility
• Providing gate keeping and ride authorization
• Managing complaints and verifying compliance with transportation agreements
• Managing transportation providers
• Reconciling billing to completed rides
• Providing operational, management, and ad hoc reports
• Providing data reporting in a variety of formats

<Insert 4>

The TMS runs on Microsoft Windows file servers using a wide area network.

Employees access the application either through their desktop on company-supplied computers or through a Citrix Access Gateway. Data communications between offices are encrypted with Cisco virtual private networking (VPN) technology using Advanced Encryption Standard 256-bit encryption to protect data and intra-company communications.

The TMS uses the IBM DB2 relational database management system. These database servers and file servers are housed in XYZ’s secured network operations centers (NOCs).

<Insert 5>

The TMS is a Microsoft Windows client-server application developed and maintained
by XYZ’s in-house software engineering group. The software engineering group
enhances and maintains the TMS to provide service for the company’s transportation
providers, governments and managed care providers (user entities), treating facilities,
and riders. XYZ’s software is not sold on the open market.

The TMS tracks information in real time. The information is immediately stored in the
database and is accessible for daily operations, service authorization, trip scheduling,
provider reimbursement, agency monitoring, and report generation. The information
can be retrieved, reviewed, and reported as needed to create the history of approvals
and denials for any rider. Information can be retrieved by rider identification number,
rider name, trip date, facility attended, and transportation provider.

External websites are supplied to supplement XYZ’s ability to communicate and exchange information with transportation providers, governments and managed care providers (user entities), treating facilities, and riders. Each website targets a specific audience and is designed to address their business needs. These include a site for the transportation providers, governments and managed care providers, treating facilities, and riders.

The XYZ transportation provider web interface is a multiuser, web-based application that helps to manage the flow of information between XYZ and the transportation providers. This website allows transportation providers to enter and retrieve certain information about trips they were assigned by XYZ. It also provides some specific performance reports to help them manage their work with XYZ. To access the site, transportation providers must sign up for the site and fill out certain EDI forms.

The XYZ facility services website supports transportation requests from treating
facilities on behalf of their clients. The purpose of the site is to provide a means to
request trips and to manage trip requests online without the need to call an XYZ call
center. The facility services website allows a treating facility to enter a single trip or
standing order request for review and approval by an XYZ facility representative, look
up and view trip requests, modify or update pending requests, and withdraw pending
requests.

The XYZ member services website is like the facility services website, except its focus
is on the riders. After a rider has successfully logged in, he or she is able to request
new trip reservations, view pending requests and processed reservations, edit pending
requests, withdraw pending requests, and cancel existing reservations. Requests are
placed in a request queue within the TMS database for review by call center personnel
through the TMS.

The XYZ client reporting interface is provided as a service to XYZ’s government agencies and managed care providers (user entities). This interface allows them to monitor basic statistics of their business and resolve simple questions and complaints. Summary reports of trip volume, complaints, and utilization are available in addition to detailed reports for single trips, single complaints, and rider eligibility.

<Insert 6>

XYZ has a staff of approximately 500 employees organized in the following functional
areas:

• Corporate. Executives, senior operations staff, and company administrative support staff, such as legal, compliance, internal audit, training, contracting, accounting, finance, human resources, and transportation provider relations. These individuals use the TMS primarily as a tool to measure performance at an overall corporate level. This includes reporting done for internal metrics as well as for XYZ’s user entities.
• Operations. Staff that administers the scheduling and administration of transportation providers and riders. They provide the direct day-to-day services, such as transportation reservation intake, trip distribution to transportation providers, quality assurance monitoring, medical facility support, service claims adjudication, transportation network support, and reporting.
  • Customer service representatives take phone calls directly from riders to arrange transportation. These requests are entered into the TMS and initiate the life cycle of a trip.
  • Transportation coordinators use the TMS to assign trips to transportation providers. They also manage rerouting and dispensing work from the TMS to the transportation providers on daily trip lists via fax. Transportation managers maintain the transportation provider network database, including updates for training, violations, screenings, and other compliance measures.
  • Quality assurance (or utilization review) employees use reports generated by the TMS to select samples of trips that are tested for contractual compliance and to monitor for fraud and abuse. They also take complaints from riders, facilities, and transportation providers and work them to resolution, using tools within the TMS.
  • The facility staff manages the facility database for the TMS. They also maintain the transportation standing orders within the system and take single trip requests from facilities only.
  • The claims staff receives requests for payment and adjudicates these claims in the software. This includes invoice management, trip verification, and billing support.
  • A reports manager typically uses the TMS to produce contract-level specific reports for XYZ’s user entities.
• IT

<Insert 7>

As defined by XYZ, …. constitutes the following:

• Master transportation file data
• Transaction data
• Electronic interface files
• Output reports
• Input reports
• System files
• Error logs

Transaction processing is initiated by the receipt of a trip or standing order request. This request typically comes directly from a rider or treating facility by telephone or via the websites, or it may arrive by fax from a treating facility. After the trip is completed, the transportation provider sends XYZ paper documents with daily trip information, including information about completed trips, cancellations or no-shows, and weekly driver logs, all of which is entered into the system's verification module; a portion of this trip completion information may be entered on the XYZ transportation provider web interface.

Output reports are available in electronic PDF, comma-delimited value file exports, or
electronically from the various websites. The availability of these reports is limited by
job function. Reports delivered externally will only be sent using a secure method—
encrypted email, secure FTP, or secure websites—to transportation providers, treating
facilities, and governments or managed care providers using XYZ-developed websites
or over connections secured by trusted security certificates. XYZ uses Transport Layer
Security to encrypt email exchanges with government or managed care providers,
facility providers, and transportation providers.
