On the leading edge of cybersecurity

By Brian Foy | October 7, 2019

Did you know that, following rigorous cybersecurity audits and evaluations, Q-Centrix has earned the top data security recognition available today: SOC 2 + HITRUST?

I admit, with its obscure acronym and numbers, the label doesn’t sound glamorous. Then again, cybersecurity is anything but. In fact, it’s basically the opposite – often consisting of tireless, thankless behind-the-scenes work. This is part of why it’s a big deal for us to be able to share this news. At the same time, I see it as somewhat of a paradox. Why would I think such a thing? Please allow me to explain … As if you didn’t think I would! …

In short, the SOC 2 audit assessed the strength and application of our data security practices. This included a wide range of elements, from our physical hardware infrastructure and use of cloud computing to our team itself and the type of information we manage. The HITRUST certification provides requirements for creating, accessing, storing or exchanging personal health and financial information in a secure and transparent manner. In other words, the process not only scrutinized our overall cybersecurity approach, but how it applies to the underlying elements that make our uniquely flexible and efficient solutions possible, which sets us apart from the rest of the field. So, it never really occurred to us to do anything less than rise above the fold with respect to cybersecurity.

About those underlying elements … Key to our ability to adapt to constantly changing quality reporting demands is our remote team of more than 1,200 clinical data specialists. Having such a huge store of talent allows us to scale solutions according to a partner’s needs. Our core technology augments the team’s intelligence, enabling meticulous efficiency and accuracy. The culmination of this approach is nearly 200,000 chart abstractions per month and more than 3 million quality data transactions annually – further underscoring how critical data security is to our mission.

To our partners, we feel strongly that your peace of mind is our responsibility. And the only way to fulfill this commitment is through a comprehensive data security strategy that looks more like a continuum of efforts than a single achievement or recognition. At Q-Centrix, this includes the following:

  • Complying with the HIPAA and HITECH laws – which establish the provisions for safeguarding personal health information in the United States.
  • Following standard data protection best practices – such as encryption for all healthcare data we store and transmit, two-factor login authentication for anyone permitted to access our information systems, and workforce security training.
  • Conducting regular system vulnerability scans and penetration testing – to detect weak points in computer networks and equipment and demonstrate how effective security controls are in responding to an attack.
  • Adopting the proper physical security elements – including secure entrances, restricted equipment areas, and video camera surveillance.
  • Enlisting reputable vendors of our own – especially for cloud storage and communications support (e.g. email, phone system, internal messaging and other information-sharing systems).
  • Having a full security incident response plan in place – with steps to identify, stop, evaluate, and contain a threat or breach, as well as prevent future similar incidents.

And, of course, we can now add to this list SOC 2 + HITRUST compliance. Perhaps the most important outcome of the certification is the independent verification it provides. The SOC 2 + HITRUST audit is based on outside principles and was performed by an independent auditor. To put it another way, our current and potential partners now have more than just our word to go on when evaluating us in terms of data security. Plus, maintaining the certification requires an annual review to demonstrate our long-term commitment to compliance.

As the only health care quality data organization to earn this widely coveted recognition at the time of this post, we’re proud to be the driving force advancing cybersecurity standards for the health care quality industry.