Q-Centrix®, a leading quality data solutions provider for hospitals and health systems, announced today it has achieved a widely coveted data security certification: Service Organization Control (SOC) 2 Type II® compliance. As one of the only healthcare quality data solutions providers so far to earn the recognition, Q-Centrix leads the quality data industry in advancing cybersecurity standards. SOC 2 Type II® certification is the highest-level certification of its kind.
“The SOC 2 certification is a critical achievement for us because it shows our partners – which range from the largest healthcare systems to critically needed community hospitals – that Q-Centrix meets the gold standard for protecting the information they’re entrusting us with,” said Brian Foy, Q-Centrix’s Chief Product Officer. “When it comes to the highly sensitive nature of healthcare information, there is no room for anything less than an absolute commitment to cybersecurity. This new recognition is yet another substantiation of how we embrace that commitment and are willing to go to great lengths to prove it.”
Q-Centrix is a quality data solutions provider that comprehensively partners with hospitals and healthcare providers to measurably improve the safety and quality of care they deliver. In total, Q-Centrix processes more than 2 million quality data transactions annually – making data security critical to the company’s mission. Its daily operations include data-sharing and interfacing with its quality expert team and more than 500 hospital partners throughout the United States.
To achieve SOC 2 compliance, Q-Centrix had to demonstrate that its systems are designed and configured to maintain the security, availability, process integrity, confidentiality, and privacy of the data it manages. This includes its quality technology platform Q-Apps® and its use of cloud database and computing applications, which enable it to effectively scale solutions to meet its partners’ quality data management needs.
The SOC 2 audit reviewed Q-Centrix’s physical hardware infrastructure; operating software and applications; information processed; personnel; and automated and manual procedures. The process assessed not only whether Q-Centrix established and implemented critical security policies, but also whether it could comply with them over an extended period.
“While demonstrating SOC 2 compliance required us to subject our people, processes, and technology to deep scrutiny, we were confident in our readiness and ability to endure it since we’ve been dedicated to following the most rigorous cybersecurity practices from the start,” said Foy. “We also recognize that when it comes to cybersecurity, the job is never done. So we will continue to set the industry standard for security in healthcare quality data management – because protecting sensitive healthcare quality information deserves the utmost vigilance.”
More on SOC 2 and Q-Centrix’s Compliance:
The SOC 2 compliance adds to Q-Centrix’s already-robust set of data security measures and furthers its commitment to ongoing validation, testing, and enhancement of its overall cybersecurity strategy. Q-Centrix is compliant with the HIPAA and HITECH laws, which establish provisions for safeguarding medical information. It also has a full security incident response plan with steps to identify, stop, evaluate, and contain a threat or breach, as well as prevent future similar incidents. Its additional established measures include encryption for all healthcare data stored and transmitted; data recovery and backup mechanisms; two-factor login authentication for anyone permitted to access information systems; workforce security training; and recommended physical security elements, such as secure entrances, restricted equipment areas, and video camera surveillance.
Q-Centrix’s SOC 2 audit reviewed and tested numerous Q-Centrix processes, technologies, and controls that affect the security, availability, and confidentiality of its system components and the information it manages. The assessment was carried out by the independent service auditor CyberGuard Compliance, LLP. To maintain its SOC 2 certification, Q-Centrix is required to demonstrate compliance annually through additional review, testing, and documentation.
SOC 2 compliance is based on reporting principles developed by the American Institute of Certified Public Accountants (AICPA). AICPA developed the SOC 2 program to assure security, availability, process integrity, and confidentiality of consumer data. It applies to technology-based service organizations that store customer data in the cloud, providing a framework for organizations to document and obtain independent validation of their security policies and procedures.
More information about the SOC 2 program is available at www.aicpa.org.
Q-Centrix® aims to measurably improve the quality and safety of patient care in the U.S. through the use of its market-leading technology platform, Q-Apps®, that augments the clinical intelligence and efficiency of the industry’s largest and broadest team of nurse-educated, Quality Information Specialists. Processing in excess of 2 million quality data transactions annually, Q-Centrix is a comprehensive quality partner to hundreds of hospitals, providing quality data solutions, including quality data capture, surveillance, measure calculations, analysis, reporting, and improvement solutions. Q-Centrix’s growth equity partner is TPG Growth, a premier, global private equity growth firm. For more information about Q-Centrix, visit www.q-centrix.com.