COMPLIANCE

We take compliance seriously. Our numerous certifications and awards demonstrate our unwavering dedication to ensuring the security and quality management of all sensitive information.

We are constantly evolving and enhancing our internal processes and controls so that we meet or exceed industry standards and safeguard our clients' data. You can trust HealthRecon Connect to deliver on our promises and maintain the highest levels of HIPAA compliance.

ISO 9001:2015 (Quality Management Systems)

The ISO 9001:2015 certification demonstrates HealthRecon’s ability to consistently provide products and services that meet customer and regulatory requirements and continuously improve.

ISO 27001:2013 (Information Security Management)

ISO/IEC 27001:2013 is the internationally recognized, auditable standard that defines the requirements for an information security management system (ISMS). HealthRecon's ISO 27001:2013 certification demonstrates that it has defined and put in place best-practice information security processes and controls, verified by an independent certification body.

ISO 27701:2019 (Privacy Information Management Systems)

ISO/IEC 27701:2019 extends ISO 27001 with requirements for a privacy information management system (PIMS). Together with the ISO 27001:2013 certification, the ISO 27701:2019 certification demonstrates HealthRecon's commitment to compliance with the GDPR and with other data privacy requirements governing Personally Identifiable Information (PII).

CMMI (Capability Maturity Model Integration) - Maturity Level 3

CMMI is a process improvement framework that helps organizations improve their ability to deliver high-quality products and services. Maturity Level 3 ("Defined") is characterized by the following:

  • Well-defined processes that are documented, standardized across the organization and understood by all employees.
  • Use of process improvement techniques to continuously improve the quality of products and services.
  • Ability to measure and track the performance of processes.
  • Ability to identify and correct problems in processes.

SOC 1® and SOC 2® (Type I and Type II)

SOC reports are independent attestation reports issued under auditing standards developed by the American Institute of Certified Public Accountants (AICPA). A SOC 1® report examines a service organization's controls that are relevant to its clients' financial reporting; a SOC 2® report assesses the organization's security, availability, processing integrity, confidentiality and privacy controls against the AICPA's Trust Services Criteria (TSC). A Type I report evaluates the design of controls at a point in time, while a Type II report also tests whether those controls operated effectively over a review period. These attestations reaffirm our commitment to providing our clientele and stakeholders the highest level of internal controls and security.

The Seal of Compliance from the Compliancy Group

HealthRecon Connect earned the Seal of Compliance from the Compliancy Group, a recognized third-party HIPAA compliance verification standard for healthcare professionals, vendors, and IT professionals across the healthcare industry. The Seal of Compliance verifies that users of The Guard™, Compliancy Group's HIPAA compliance program, have made every effort to satisfy the regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH, and have the documentation to demonstrate it.

Better Business Bureau (BBB) - A+ Rating

The A+ rating, the Better Business Bureau's (BBB) highest rating, indicates that HealthRecon Connect met or exceeded the BBB accreditation standards, which include a commitment to make a good-faith effort to resolve any consumer complaints. The recognition and rating awarded by the BBB reflect HealthRecon's long-standing commitment to integrity and excellence in service and business practices.

Security at HealthRecon Connect

Protection

HealthRecon Connect aligns with all applicable data protection and privacy regulations and security frameworks, including but not limited to HIPAA, HITRUST, SOC 1 Type 2, ISO 27001, ISO 27701, and GDPR. Beyond that, your data is encrypted using industry-standard algorithms both at rest and in transit. All employer admins and HRC employees are required to enable two-factor authentication for secure access. HealthRecon Connect has also deployed next-generation endpoint protection to continuously defend the environment against malware.

Policies and Procedures

The HealthRecon Connect management team takes security seriously and requires employees to follow strict security procedures. Before an employee is hired, a background check is conducted. All employees complete security awareness and HIPAA training upon being hired and annually thereafter.

Monitoring

HealthRecon Connect runs regular assessments, including vulnerability scanning and penetration testing by third-party vendors, and undergoes audits and reviews to ensure that current best practices are adhered to. HealthRecon Connect also continuously monitors the environment for anomalies and security events.

Security is Embedded in Our Culture

Maintaining a secure company and infrastructure is a top priority at HealthRecon Connect across all teams and departments. Our security policies and procedures are woven into how we operate as an organization with integrity and ethics.

Dedicated Security Team

HealthRecon Connect's in-house team of security, privacy and compliance specialists is focused on ensuring security, privacy and compliance across the company: in our products, services, infrastructure and operations. The team also oversees risk management and standards compliance. Company executives are directly involved in overseeing the organization's security strategy.
Technical Safeguards

  • Activity logs and audit controls
  • Encryption and decryption tools for communications
  • Automatic log-off of PCs and devices

Infrastructure

  • Sophos hardware firewall with intrusion detection and prevention (IDS/IPS)
  • Servers equipped with Sophos endpoint protection, including ransomware protection
  • Office 365 Outlook enterprise email hosting backed by Microsoft's security standards
  • Web and application usage policies enforced to protect data
  • Automatic data backups twice daily, with retention of up to 60 days

Physical Safeguards

  • Policies and procedures for mobile devices
  • Policies for the use and positioning of workstations
  • Facility access controls: biometric access, CCTV surveillance, on-site physical security, and a dedicated, access-managed data center room with surveillance
  • Inventory of hardware

Administrative Safeguards

  • Contingency plan with ongoing plan testing
  • Risk management with ongoing risk assessments
  • Restricted third-party access and Business Associate (BA) agreements
  • Continuous HIPAA training for team members

Independent Compliance Advisory Board

In the spring of 2021, HealthRecon strengthened its compliance focus with the addition of independent compliance advisors.

The additions include Mr. Wade McFaul, an industry veteran with over 25 years of service with the Office of the Inspector General of the U.S. Department of Health and Human Services; Dr. John McHenry, a specialist cardiologist with over 33 years of experience; and Dr. Alberto J. Montero, a board-certified oncologist, clinical director of the Breast Cancer Medical Oncology Program at the University Hospitals Seidman Cancer Center, and associate professor of medicine at Case Western Reserve University School of Medicine.

With the assistance of the advisory board and the compliance officer, HealthRecon Connect continues its focus on and commitment to maintaining world-class standards of service delivery.