Our certifications and awards are a testament to HealthRecon’s commitment to information security and quality management. We continuously innovate and improve our internal processes and controls to safeguard protected health information and business-sensitive information. HealthRecon has built a reputation for consistently delivering on promises to all stakeholders, including HIPAA compliance.
ISO 9001:2015 (Quality Management Systems)
The ISO 9001:2015 certification demonstrates HealthRecon’s ability to consistently provide products and services that meet customer and regulatory requirements and continuously improve.
ISO 27001:2013 (Information Security Management)
The ISO 27001:2013 certification, being the only auditable international standard that defines the requirements of an information security management system (ISMS), demonstrates that HealthRecon has defined and put in place best-in-class practices and information security processes.
ISO 27701:2019 (Privacy Information Management Systems)
The ISO 27001:2013 certification is the only auditable international standard that defines the requirements of an information security management system (ISMS). Together with the ISO 27701:2019 certification, the data privacy extension to ISO 27001, the certifications demonstrate HealthRecon’s commitment to compliance under both GDPR guidelines and other data privacy requirements, including those covering Personally Identifiable Information (PII).
SOC 1® Type 1
The successful completion of the SOC 1® Type 1 and Type 2 examinations validates that HealthRecon’s infrastructure, controls, policies, and procedures meet and/or exceed the SOC 1® Type 1 and Type 2 criteria as of July 1, 2021 to December 31, 2021. A widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), SOC 1® Type 1 and 2 examines internal and related external controls pertaining to financial statements, including financial reporting, transactions, security, availability, and processing integrity.
The Seal of Compliance from the Compliancy Group
HealthRecon Connect earned the Seal of Compliance from the Compliancy Group, the recognized third-party HIPAA compliance verification standard for healthcare professionals, vendors, and IT professionals across the healthcare industry. The Seal of Compliance verifies and validates that the users of The Guard™, Compliancy Group’s very own HIPAA compliance program, have made every effort to satisfy the regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH, and have the documentation to illustrate it.
The accreditation from one of the world’s most recognized and trusted consumer-protection brands, Better Business Bureau, is a solid testament to HealthRecon’s credibility and trustworthiness.
Security at HealthRecon Connect
HealthRecon Connect follows all applicable data protection and privacy regulations including but not limited to HIPAA, HITRUST, SOC 1 Type 2, ISO 27001, ISO 27701, and GDPR. Beyond that, your data is encrypted using industry-standard encryption both at rest and in transit. All employer admins and HRC employees are required to enable two-factor authentication for secure access. HealthRecon Connect has also implemented robust next-generation technologies to continuously protect the environment against malicious programs.
Policies and Procedures
The HealthRecon Connect management team takes security seriously, requiring employees to follow strict security procedures. Before an employee is hired, a background check is conducted. All employees complete security awareness and HIPAA training upon being hired and annually thereafter.
HealthRecon Connect runs regular assessments, including vulnerability and penetration testing from 3rd-party vendors and undergoes audits and reviews to ensure up-to-date best practices are adhered to. HealthRecon Connect also continuously monitors the environment for anomalies and events.
Security is Embedded In Our Culture
Maintaining a secure company and infrastructure is a top priority at HealthRecon Connect across all teams and departments. Our rigorous security policies and procedures are woven into how we operate as an organization with integrity and ethics.
Dedicated Security Team
HealthRecon Connect’s in-house team of security, privacy and compliance specialists is focused on ensuring security, privacy and compliance across the company, in our products, services, infrastructure and operations. The team also oversees risk management and standards compliance. Company executives are directly involved in overseeing the organization’s security strategy.
Activity Logs and audit controls
Encryption and decryption tools for communication
Automatic log-off of PCs and devices
- Sophos Hardware Firewall with IPS/IDS etc.
- Servers equipped with Sophos Endpoint protection and ransomware protection
- Office 365 Outlook enterprise email hosting services backed by Microsoft security standards
- Web & Application Policies imposed for ensuring data security
- Automatic data backup twice daily with retention up to 60-days
Policies and procedures for mobile devices
Policies for the use/positioning of workstations
Facility access controls:
- Biometric access
- CCTV surveillance
- Physical security
- Dedicated, access-managed data center room with surveillance
Inventory of hardware
Contingency plan and ongoing plan testing
Risk management and ongoing risk assessments
Restricted third-party access / BA agreements
Continuous HIPAA training for team members
Independent Compliance Advisory Board
During the spring of 2021, HealthRecon strengthened its compliance focus with the addition of independent compliance advisors. The additions include Mr. Wade McFaul, an industry veteran with over 25 years of service with the Office of the Inspector General – U.S. Department of Health and Human Services; Dr. John McHenry, a specialist cardiologist with over 33 years of experience; and Dr. Alberto J. Montero, a board-certified oncologist and clinical director of the Breast Cancer Medical Oncology Program at the University Hospitals Seidman Cancer Center and associate professor of medicine at Case Western Reserve University School of Medicine. With the assistance of the advisory board and compliance officer, HealthRecon Connect continues its focus and commitment towards maintaining world-class standards of service delivery.