Reporting
        Suspected data breaches or security concerns are to be reported immediately to:
        JBarrett@millinmedical.com
        What to expect once reported:
        
            -  Immediate acknowledgment of receipt
            -  Formal documentation in our tracking system
            -  Regular updates on the status throughout the incident lifecycle
            -  [Data Incident Closure Template]
            
            
        
        
        
        
        System Use
        
            - The MillinPro+ information system is used to support Federal, State, and Local Government and may be accessed and used only by authorized personnel for official Government business.
            
 
            - Unauthorized access, actions, use, modification, or disclosure of the data contained herein or in transit to/from this system constitutes a violation of the Computer Fraud and Abuse Act, Pub. L. No. 99-474, codified at 18 U.S.C. § 1030, and of state criminal and civil laws, and may subject violators to criminal, civil, and/or administrative action and penalties.
            
  
            - All authorized use of this system must comply with Executive Orders, directives, policies, regulations, standards, and guidance. Any unauthorized use or actions will be investigated, and if required, prosecuted.
            
    
            - All data contained within this information system may be monitored, recorded, and disclosed in any manner by authorized personnel. By proceeding to access the information system, the user acknowledges that there is no right to privacy in this system.
            
    
            - System personnel may provide law enforcement officials, for investigation and prosecution purposes, any potential evidence of crime found within this information system.
            
   
            - The use of this system by any user, authorized or unauthorized, constitutes consent to monitoring, recording and disclosure.
            
 
            Information Sensitivity: PHI and PII Regulatory Requirements
            - PHI (Protected Health Information): Any information in a medical context that can identify an individual and relates to their past, present, or future physical or mental health condition, healthcare provided, or payment for healthcare. It is a subset of PII that pertains specifically to health data and is protected under laws such as the U.S. HIPAA (Health Insurance Portability and Accountability Act). Examples include medical records, insurance information, or details of doctor visits tied to a person.

            - PII (Personally Identifiable Information): Any data that can identify an individual, either directly (such as a name, Social Security number, or email address) or indirectly (such as a ZIP code combined with a birth date). PII is the broader category and encompasses any personal information, not just healthcare-related information.
            
 
            Privacy Impact Assessment Policy Statement
            
              - Millin Associates recognizes its responsibility to safeguard the privacy of personally identifiable information (PII) and protected health information (PHI) entrusted to us by our clients and their patients. In alignment with NIST SP 800-53 Revision 5, control RA-8, the organization maintains a Privacy Impact Assessment (PIA) process as a living activity that is:
  
           
              
                - Ongoing: PIAs are conducted not only during system acquisition and deployment but also updated whenever technology, practices, or regulatory requirements change.
 
                - Comprehensive: PIAs address the full set of applicable NIST privacy controls, identifying risks and recommending mitigations.
 
                - Vendor-inclusive: Vendor assessments include structured evaluation of privacy controls, not limited to breach notification or policy presence.
 
                - Integrated with Change Management: All system changes, updates, and maintenance activities require a documented privacy risk classification (Low/Moderate/High/Not Applicable).
 
            
            
            - This ensures that privacy considerations are embedded into system lifecycle management, vendor oversight, and day-to-day operations, thereby reducing the risk of inappropriate disclosure or misuse of PII/PHI. 
 
        
            Millin Business Model
            - Millin Medical operates strictly as a B2B (Business-to-Business) entity, processing medical claims on behalf of healthcare providers for submission to payers. We do not offer consumer-facing services, nor do we interact directly with individuals regarding their personally identifiable information (PII). All PHI and PII remain securely contained within our Azure cloud environment, and data is disclosed only to the extent necessary for claims processing and payment purposes, in compliance with legal and contractual requirements. Therefore, mechanisms for individual access and review of PII are not applicable to our business model.
            
 
            Compliance Section
            
                - Millin Medical is committed to maintaining compliance with all applicable laws and regulations governing the privacy and security of PII and PHI.
 
                - Regular audits and assessments are conducted to ensure adherence to HIPAA, HITECH, and other relevant standards.
 
                - Staff training programs are implemented to promote awareness and understanding of compliance requirements.
 
                - Policies and procedures are regularly reviewed and updated to reflect changes in regulations and best practices.
                    
[Compliance Details]
                 
            
        
            
        
        
        
        Millin Technical Leadership
        Leadership Roles
        
        - Chief Technology Officer (CTO) - James Barrett
          Overarching responsibility for technology strategy, security, and system architecture.
          [Job Description]
          JBarrett@millinmedical.com

        - Virtual Chief Information Security Officer (vCISO) - Ken Clegg, CISSP, Associate C|CISO, CEH
          Oversees all aspects of information security, compliance, and risk management.
          [Job Description]
          security@millinmedical.com

        - Chief Compliance Officer (CCO) - James Barrett, CTO
          Ensures the organization complies with legal and regulatory requirements, including HIPAA and OHIP standards.
          [Job Description]
          JBarrett@millinmedical.com

        - Chief Operating Officer (COO) - Martina Malvoni
          Manages day-to-day operations, including partnerships with EMR systems and operational workflows.
          [Job Description]
          mmalvoni@millinmedical.com

        
        
        Technical Roles
        
    
        - IT Manager / Systems Administrator - Casey M. Napoli
          Responsible for maintaining internal systems, network security, and user access controls.
          [Job Description]
          cnapoli@millinmedical.com

        - Software Development Manager - Chris Beard
          Oversees development teams and manages the lifecycle of proprietary and partner-integrated systems.
          [Job Description]
          CBeard@millinmedical.com

        - Data Architect - Chris Beard
          Designs and maintains secure data storage solutions, especially for patient and billing data.
          [Job Description]
          CBeard@millinmedical.com

        - DevOps Engineer - Chris Beard
          Implements secure deployment pipelines, manages cloud resources, and enforces CI/CD practices.
          [Job Description]
          CBeard@millinmedical.com

        - Cybersecurity Analyst - James Barrett, CTO + (Atmosera, Quzara - Cyber Torch)
          Monitors for threats, performs vulnerability assessments, and ensures adherence to security best practices.
          [Job Description]
          JBarrett@millinmedical.com

        - Database Administrator (DBA) - James Barrett, CTO
          Manages databases, optimizes performance, and ensures data integrity and compliance with OHIP standards.
          [Job Description]
          JBarrett@millinmedical.com

        - Cloud Security Specialist - Jon Knight + (Atmosera)
          Focuses on security measures for cloud-hosted environments and ensures alignment with compliance standards.
          [Job Description]
          JKnight@millinmedical.com

        - Data Privacy Officer - James Barrett, CTO
          Ensures patient and billing data privacy regulations are followed.
          [Job Description]
          JBarrett@millinmedical.com

        - Risk Officer - James Barrett, CTO
          Identifies, assesses, and mitigates risks across IT and business operations, ensuring compliance with regulatory and security standards. Develops risk management frameworks, oversees audits, and collaborates with leadership to implement risk mitigation strategies.
          [Job Description]
          JBarrett@millinmedical.com

        
        
        
            More information about Millin can be found at www.millinmedical.com