Why We’re Boosting Our Security Profile With SOC 2 Certification
What our new certification status says about our commitment to protecting customer data
Anyone working in healthcare knows that, per HIPAA regulations, patients’ protected health information (PHI) is considered confidential data that must be rigorously secured.
CertifyOS is unique among digital healthcare solutions, in that we don’t work directly with PHI—because we don’t work directly with patients. But we do work with all types of providers, and we take the safety of their personally identifiable information (PII) just as seriously.
To prove it, we’re following robust security protocols and pursuing the strongest compliance standards in the industry. Case in point: We just received our SOC 2 Type I certification, and our Type II certification is right around the corner.
Read on to learn why a SOC 2 stamp of approval matters when it comes to quality healthcare solutions—and what steps we’re taking at CertifyOS to keep our customers’ data safe.
What is SOC 2, and why is it important?
SOC 2 is a security compliance standard created and overseen by the Association of International Certified Professional Accountants (AICPA). It governs how service organizations store and handle consumer data. There are two different types of SOC 2 certification:
SOC 2 Type I evaluates the design of an organization’s security processes and systems at a given moment.
SOC 2 Type II evaluates how these processes and systems perform over time, typically monitoring their operations for at least six months.
In healthcare, security audits are an important step for health plans, care systems, and other groups to guarantee that the service organizations they work with can keep sensitive data safe.
That’s because, in our industry, the consequences of a data breach can be devastating.
“Cyber threats are real. In the age of digital health, one security fail can bring down an entire organization. It’s important to know you’re doing business with partners who consider data security a top priority and will jump through all the hoops—whether they’re legally required to or not—to make sure your information is safe.”
–Shannon Kern, Director of Quality and Compliance, CertifyOS
If a service partner is SOC 2-certified, it means they not only have the right policies and procedures in place, but that they’ve evidenced strict compliance to the AICPA’s satisfaction. For health organizations, it makes the security audit quicker and easier (and far less stressful) to know that a respected outside authority has already conducted a thorough investigation and found that a potential partner meets all requirements.
How does CertifyOS keep data safe?
Ultimately, SOC 2 is the highest security standard in tech—but it’s a voluntary benchmark, and no service partner is mandated to comply.
We decided to become SOC 2-certified because protecting our customers’ data is of the utmost importance, and transparency and accountability are among our core values as a company. Working in provider intelligence doesn’t just mean being smart about the quality and efficiency of provider data, but also the way it’s managed. If we’re not ensuring the right people—and only the right people—have access to providers’ personal information and documents, then we’re not doing our job.
At CertifyOS, we have documented policies in place to secure our customers’ data, keep their private information private, and prevent costly breaches. We’ve also established strict systems and protocols to handle any security incidents, issue the proper reports, and follow up with corrective actions.
SOC 2 certification is the best way to make those efforts official—and to earn our customers’ trust.
We’ve already received our Type I certification and are in the process of completing our SOC 2 assessment period. In the meantime, we’re committed to keeping our customers and the healthcare community up to date on our compliance journey, so they know they can enjoy our seamless provider data solutions without compromising on provider data security.