COMPLIANCE
We take compliance seriously. With continuous improvement in our processes, we guarantee top-tier HIPAA compliance and safeguard client data.
ISO 9001:2015 (Quality Management Systems)
The ISO 9001:2015 certification demonstrates HealthRecon’s ability to consistently provide products and services that meet customer and regulatory requirements and continuously improve.
ISO 27001:2022 (Information Security Management Systems)
The ISO 27001:2022 certification, being the only auditable international standard that defines the requirements of an information security management system (ISMS), demonstrate that HealthRecon has defined and put in place best-in-class practices and information security processes.
ISO 27701:2019 (Privacy Information Management Systems)
The ISO 27701:2019 certification – data privacy extension to ISO 27001, demonstrates HealthRecon Connect’s commitment to compliance both under GDPR guidelines and other data privacy requirements including Personally Identifiable Information (PII).
CMMI (Capability Maturity Model Integration) is a process improvement framework that helps organizations improve their ability to deliver high-quality products and services. Level 3 CMMI maturity, the third level of maturity in the CMMI framework, is characterized by the following:
- Well-defined processes that are documented and understood by all employees.
- Use of process improvement techniques to continuously improve the quality of products and services.
- Ability to measure and track the performance of processes.
- Ability to identify and correct problems in processes.
SOC 1, SOC 2 (Type I and II) and SOC 3
A widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), the SOC 1, SOC 2 (Type I and II) and SOC 3 audits assess the security, availability, processing integrity, confidentiality and privacy controls in service organizations against the AICPA’s Trust Services Criteria (TSC). The certifications reaffirms our commitment to providing our clientele and stakeholders the highest level of internal controls and security.
The Seal of Compliance from the Compliancy Group
HealthRecon Connect earned the Seal of Compliance from the Compliancy Group, the recognized third-party HIPAA compliance verification standard for healthcare professionals, vendors, and IT professionals across the healthcare industry. The Seal of Compliance verifies and validates that the users of The Guard™, Compliancy Group’s very own HIPAA compliance program, have made every effort to satisfy the regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH, and have the documentation to illustrate it.
Better Business Bureau (BBB) - A+ Rating
The A+ rating, Better Business Bureau’s (BBB) highest rating, indicates that HealthRecon Connect met or exceeded the BBB accreditation standards, which also includes a commitment to make a good faith effort to resolve any consumer complaints. The recognition and rating awarded by BBB is a reflection of HealthRecon’s long standing commitment to integrity and excellence in service and business practices.
HITRUST Risk-Based 2-Year (r2) Certified
HITRUST Risk-based, 2-year (r2) Certified status demonstrates that the HealthRecon Connect’s Revenue Cycle Management and Microsoft Office 365 infrastructure (Data Center) managed by Microsoft located in VA, USA has met demanding regulatory compliance and industry-defined requirements and is appropriately managing risk. This achievement places HealthRecon Connect in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
Security at HealthRecon Connect
| Category | Safeguards |
|---|---|
|
Protection |
HealthRecon Connect follows all applicable data protection and privacy regulations including but not limited to HIPAA, HITRUST, SOC 1 Type 2, ISO 27001, ISO 27701, and GDPR. Beyond that, your data is encrypted with industry standard both, at rest and in transit. All employer admins and HRC employees are required to enable two-factor authentication for secure access. HealthRecon Connect has also implemented robust next generation technologies to continuously protect the environment against malicious programs. |
|
Policies and Procedures |
The HealthRecon Connect management team takes security seriously, requiring employees to follow strict security procedures. Before an employee is hired, a background check is conducted. All employees complete security awareness and HIPAA training upon being hired and annually thereafter. |
|
Monitoring |
HealthRecon Connect runs regular assessments, including vulnerability and penetration testing from 3rd-party vendors and undergoes audits and reviews to ensure up-to-date best practices are adhered to. HealthRecon Connect also continuously monitors the environment for anomalies and events. |
|
Security is Embedded In Our Culture |
Maintaining a secure company and infrastructure is a top priority at HealthRecon Connect across all teams and departments. Our rigorous security policies and procedures are woven into how we operate as an organization with integrity and ethics. |
|
Dedicated Security Team |
HealthRecon Connect’s in-house team of security, privacy and compliance specialists are focused on ensuring security, privacy and compliance across the company, in our products, services, infrastructure and operations. The team also oversees risk management and standards compliance. Company executives are directly involved in overseeing the organization’s security strategy. |
Activity Logs and audit controls
Encryption and decryption tools for communication
Automatic log-off of PCs and devices
Infrastructure
- Sophos Hardware Firewall with IPS/IDS etc.
- Servers equipped with Sophos Endpoint protection and ransomware protection
- Office 365 Outlook enterprise email hosting services backed by Microsoft security standards
- Web & Application Policies imposed for ensuring data security
- Automatic data backup twice daily with retention up to 60-days
Policies and procedures for mobile devices
Policies for the use/positioning of workstations
Facility access controls:
- Biometric access
- CCTV surveillance
- Physical security
- Dedicated— Access managed data center room with surveillance
Inventory of hardware
Contingency plan and ongoing plan testing
Risk management and ongoing risk assessments
Restricted third-party access/ BA agreements
Continous HIPAA training for team members
During the Spring of 2021 HealthRecon strengthened its compliance focus with the addition of independent compliance advisors.
The additions include Mr. Wade McFaul, an industry veteran with over 25 years of service with the Office of the Inspector General – U.S. Department of Health and Human Services, Dr. John McHenry, a specialist cardiologist with over 33 years of experience and Dr. Alberto J. Montero, a board-certified oncologist and clinical director of the Breast Cancer Medical Oncology Program at the University Hospitals Seidman Cancer Center and associate professor of medicine at Case Western Reserve University School of Medicine.
With the assistance of the advisory board and compliance officer, HealthRecon Connect continues its focus and commitment towards maintaining world-class standards of service delivery
