Compliance

Our certifications and awards are a testament to HealthRecon’s commitment to information security and quality management. We continuously innovate and improve our internal processes and controls to safeguard protected health information and business-sensitive information. HealthRecon has built a reputation for consistently delivering on promises to all stakeholders, including HIPAA compliance.

ISO 9001:2015 (Quality Management Systems)

The ISO 9001:2015 certification demonstrates HealthRecon’s ability to consistently provide products and services that meet customer and regulatory requirements and continuously improve.

ISO 27001:2013 (Information Security Management)

The ISO 27001:2013 certification, being the only auditable international standard that defines the requirements of an information security management system (ISMS), demonstrates that HealthRecon has defined and put in place best-in-class practices and information security processes.

ISO 27701:2019 (Privacy Information Management Systems)

The ISO 27001:2013 certification is the only auditable international standard that defines the requirements of an information security management system (ISMS). Together with the ISO 27701:2019 certification, the data privacy extension to ISO 27001, the certifications demonstrate HealthRecon’s commitment to compliance both under GDPR guidelines and other data privacy requirements, including those for Personally Identifiable Information (PII).

SOC 1® Type 1

The successful completion of the SOC 1® Type 1 examination validates that HealthRecon’s infrastructure, controls, policies, and procedures met and/or exceeded the SOC 1® Type 1 criteria as of July 1, 2021. A widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), SOC 1 Type 1 examines internal and related external controls pertaining to financial statements – including financial reporting, transactions, security, availability, and processing integrity.

The Seal of Compliance from the Compliancy Group

HealthRecon Connect earned the Seal of Compliance from the Compliancy Group, the recognized third-party HIPAA compliance verification standard for healthcare professionals, vendors, and IT professionals across the healthcare industry. The Seal of Compliance verifies and validates that the users of The Guard™, Compliancy Group’s very own HIPAA compliance program, have made every effort to satisfy the regulatory standards outlined in the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, Omnibus Rule, and HITECH, and have the documentation to illustrate it.

HIPAA Security Overview

Category Safeguards
Technical Safeguards

Activity Logs and audit controls

Encryption and decryption tools for communication

Automatic log-off of PCs and devices

Infrastructure

  • Sophos Hardware Firewall with IPS/IDS etc.
  • Servers equipped with Sophos Endpoint protection and ransomware protection
  • Office 365 Outlook enterprise email hosting services backed by Microsoft security standards
  • Web & Application Policies imposed for ensuring data security
  • Automatic data backup twice daily with retention up to 60 days

Physical Safeguards

Policies and procedures for mobile devices

Policies for the use/positioning of workstations

Facility access controls:

  • Biometric access
  • CCTV surveillance
  • Physical security
  • Dedicated, access-managed data center room with surveillance

Inventory of hardware

Administrative Safeguards

Contingency plan and ongoing plan testing

Risk management and ongoing risk assessments

Restricted third-party access / BA agreements

Continuous HIPAA training for team members

Independent Compliance Advisory Board

During the spring of 2021, HealthRecon strengthened its compliance focus with the addition of independent compliance advisors. The additions include Mr. Wade McFaul, an industry veteran with over 25 years of service with the Office of the Inspector General – U.S. Department of Health and Human Services; Dr. John McHenry, a specialist cardiologist with over 33 years of experience; and Dr. Alberto J. Montero, a board-certified oncologist and clinical director of the Breast Cancer Medical Oncology Program at the University Hospitals Seidman Cancer Center and associate professor of medicine at Case Western Reserve University School of Medicine. With the assistance of the advisory board and compliance officer, HealthRecon Connect continues its focus on and commitment to maintaining world-class standards of service delivery.
