If you haven’t heard yet, we recently underwent a rigorous cybersecurity audit and were awarded the SOC 2, Type II recognition – a highly coveted certification for solution and service providers.
I admit, the SOC 2 label itself, with its obscure acronym and numbers, certainly doesn’t sound glamorous. Then again, cybersecurity is anything but. In fact, it’s basically the opposite – often consisting of tireless, thankless behind-the-scenes work. This is part of why it’s a big deal for us to be able to share this news. At the same time, I see it as somewhat of a paradox. Why would I think such a thing? Please allow me to explain … As if you didn’t think I would! …
In short, the SOC 2 audit assessed the strength and application of our data security practices. This included a wide range of elements, from our physical hardware infrastructure and use of cloud computing to our team itself and the type of information we manage. In other words, the SOC 2 process scrutinized not only our overall cybersecurity approach, but also how it applies to the underlying elements that make our uniquely flexible and efficient solutions possible, which sets us apart from the rest of the field. So, it never really occurred to us to do anything less than rise above the fold with respect to cybersecurity.
About those underlying elements … Key to our ability to adapt to constantly changing quality reporting demands is our remote team of more than 1000 quality information specialists. Having such a huge store of talent allows us to scale solutions according to a partner’s needs. Our core technology augments the team’s intelligence, enabling meticulous efficiency and accuracy. The culmination of this approach is nearly 200,000 chart abstractions per month and more than 2 million quality data transactions annually – further underscoring how critical data security is to our mission.
To our partners, we feel strongly that your peace of mind is our responsibility. And the only way to fulfill this commitment is through a comprehensive data security strategy that looks more like a continuum of efforts than a single achievement or recognition. At Q-Centrix, this includes the following:
- Complying with the HIPAA and HITECH laws – which establish the provisions for safeguarding personal health information in the United States.
- Following standard data protection best practices – such as encryption for all healthcare data we store and transmit, two-factor login authentication for anyone permitted to access our information systems, and workforce security training.
- Conducting regular system vulnerability scans and penetration testing – to detect weak points in computer networks and equipment and demonstrate how effective security controls are in responding to an attack.
- Adopting the proper physical security elements – including secure entrances, restricted equipment areas, and video camera surveillance.
- Enlisting reputable vendors of our own – especially for cloud storage and communications support (e.g. email, phone system, internal messaging and other information-sharing systems).
- Having a full security incident response plan in place – with steps to identify, stop, evaluate, and contain a threat or breach, as well as prevent future similar incidents.
And, of course, we can now add to this list SOC 2, Type II compliance. Perhaps the most important outcome of the certification is the independent verification it provides. The SOC 2 audit is based on outside principles and was performed by an independent auditor. To put it another way, our current and potential partners now have more than just our word to go on when evaluating us in terms of data security. Plus, maintaining the certification requires an annual review to demonstrate our long-term commitment to compliance.
As part of an exclusive group of health care quality data solutions providers with SOC 2, Type II recognition (we’re aware of only two other organizations that have earned it to date and share our competitive focus), we’re proud to be a key leader advancing data security gold standards in healthcare IT.
For more details on the SOC 2, Type II certification criteria, check out our news release.