HIPAA and SOC Compliance

                               
 

Your data is secure with OptimumHQ. We are HIPAA and SOC 2 Compliant.


What is HIPAA?

The 1996 Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law designed to provide privacy standards to protect patients' medical records and other information provided to health plans, doctors, hospitals, and other health care providers. This Protected Health Information (PHI) includes patient data, billing, clinical care, and lab results. Under HIPAA, these privacy laws apply to:

  1. Covered entities such as hospitals, insurance providers, and research facilities; and
  2. Business associates, which are people and companies who provide services for and on behalf of covered entities.

HIPAA-compliant business associates ensure security and privacy of any PHI that is stored, transmitted, or otherwise processed. OptimumHQ's security policies and procedures have met the security requirements to be HIPAA Compliant.

Disclaimer: While OptimumHQ enables secure data storage, users are still ultimately responsible for the implementation of their own data to comply with HIPAA standards.

What is SOC?

SOC stands for Service Organization Control reports. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

SOC 2 reports provide detailed reporting and testing procedures for third parties to evaluate. OptimumHQ's security measures have been evaluated by third-party certification company Lazarus Alliance.

How is OptimumHQ Compliant?

Lazarus Alliance performs regular scanning and testing to ensure the OptimumHQ system remains compliant. Because OptimumHQ uses a third-party certification body like Lazarus, users can rest assured knowing that OptimumHQ is not only compliant, but certified compliant.

In addition to Lazarus' regular audits, scanning, and testing, OptimumHQ also has monthly meetings with their team to discuss any issues regarding security and updates. Penetration testing is also conducted regularly to find malicious code, as well as the absence of functionality that may lead to security breaches.

Talk to one of our account executives today about compliance solutions and how OptimumHQ can maximize your business' potential!