Q-Centrix®, the leading enterprise clinical quality data management provider in health care, announced it received the System and Organizational Controls (SOC) 2 report on the HITRUST control requirements. As the only provider in its market to earn the recognition, the recognition further establishes Q-Centrix as a pioneer, advancing cybersecurity standards for the health care quality industry.
Q-Centrix processes more than 2 million clinical quality data transactions annually, making data security critical to the company’s mission. Its daily operations include partnering with more than 850 health care providers to unlock the value of their clinical quality data by using proprietary technology to interface or data-share with a team of experts who manage and interpret the data.
“With every transaction, a hospital partner is trusting us to safeguard one of their most important possessions,” explains Brian Foy, Q-Centrix Chief Product Officer. “We take our commitment to them very seriously and argue that a higher standard must be met to preserve data privacy and security. That’s why we sought SOC 2 + HITRUST .”
The SOC 2 + HITRUST is a two-tiered health care technology compliance accomplishment. The recognition requires an organization to demonstrate the ability to fully protect patient and other sensitive, personally identifiable information (PII) in accordance with the Health Insurance Portability and Accountability Act’s (HIPAA) privacy and security provisions via a 12-month audit by a third-party examiner. SOC 2 guidelines were created to provide an authoritative benchmark for proper control procedures and practices, while the HITRUST certification provides requirements for creating, accessing, storing or exchanging personal health and financial information in a secure and transparent manner.
The recent achievement adds to an already-robust and multi-faceted set of data security best practices at Q-Centrix. In fact, the company maintains a strong security culture based on a perpetual focus on cybersecurity and the engagement of validation and authentication models. Accordingly, Q-Centrix is fully compliant with the HIPAA and HITECH laws, which establish provisions for safeguarding medical information. It also has a full security incident response plan with steps to identify, stop, evaluate, and contain a threat or breach, as well as prevent future similar incidents. Its additional established measures include encryption for all health care data stored and transmitted; data recovery and backup mechanisms; two-factor login authentication for anyone permitted to access information systems; workforce security training; and recommended physical security elements, such as secure entrances, restricted equipment areas, and video camera surveillance.
“Achieving SOC 2 + HITRUST is an illustration of our commitment to our partner community—but our work doesn’t end there,” explained Victor Low, Q-Centrix Director of Information Security. “At Q-Centrix, we fundamentally believe that cybersecurity requires a perpetual focus. We will continue to surpass the privacy and security standards set by our market because protecting this data is critical to improving the quality of patient care delivered in the U.S.”
Q-Centrix® aims to improve the quality of patient care in the U.S. through the use of its market-leading technology platform, Q-Apps®, the industry’s largest team of clinical quality data experts and its information and analytics assets. Processing in excess of 2 million data transactions annually, Q Centrix partners with hundreds of health care providers offering enterprise clinical quality data solutions, including quality data capture, surveillance, measure calculations, analysis, reporting, and consulting solutions. Q-Centrix’s growth equity partner is TPG Growth, a premier, global private equity growth firm. For more information about Q Centrix, visit www.q-centrix.com.