Velcro USA Inc.
95 Sundial Avenue
Manchester, NH 03103 USA
Tel: (+1) 603 669 4880

38. How does your firm assist clients with HIPAA compliance?

Our clients can lean on Director of Compliance, Susan Sonkin, for support with HIPAA compliance. We also use a toolkit from UBA partner Fisher Phillips to ensure we remain HIPAA compliant, and EBS team members receive annual training on HIPAA compliance and data privacy. EBS also has a relationship with the law firm Fisher Phillips https://www.fisherphillips.com/ to deploy modular HIPAA training to our clients. This service would be at an additional discounted fee.

39. Describe how your firm maintains client records in a HIPAA secure environment.

EBS has adopted policies and procedures to protect and secure Protected Health Information as required under HIPAA and personal information as required under the Massachusetts Data Privacy law. Some examples include:

• EBS employees receive training each year on the proper way to maintain HIPAA-related information.
• Data backup plan: All servers are backed up every 15 minutes to a RAID storage device. Every file is logged and tracked, enabling recovery of files that have been subsequently “saved over”.
• Disaster recovery plan: In the event of a disaster, EBS has contracted through United Benefit Advisors with Agility Recovery to ensure minimal downtime and recovery of any data that might be lost in the process, both for electronic and physical data and files.
• Limiting physical access to electronic information and our facility through electronic key card access for doors to the workspace and key locks on all cabinets that contain privileged information.
• Secured firewall for all company information, requiring both firewall password access AND individualized user password access.
• 90-day user password time-out, requiring a new password that has not been utilized in the past 20 passwords. Passwords must also include capitalized, lower case, and unique characters (!, #, &, etc.).
• All users can transmit encrypted emails easily from their Outlook desktops using 256-bit Advanced Encryption Standard encryption technology.

40. Describe your in-house legal advisors or outside counsel who provides guidance to you and your clients?

Josie Martinez, Senior Partner, is our in-house General Counsel. Fisher Phillips is our preferred external resource on a national basis. EBS also maintains relationships with several local New England law firms.

41. Describe methods you employ to disseminate information about current trends and legislation. Please provide examples.

EBS Director of Compliance, Susan Sonkin, would provide you with timely compliance alerts and updates. Urgent alerts are disseminated via email as soon as possible. Susan is always a phone call or email away, so you can reach out to her anytime with questions or concerns. Please see exhibit I for an example of a compliance alert.
EBS Benefits Consulting RFP