HIPAA Compliance Certificate Advances Dedication to Data Security

Chris Van Houtte

In case you haven’t seen our latest news, this morning we announced we have received a third-party certificate of HIPAA compliance across all of our facilities, including Mail-Gard, by independent assessor, Crimson Security Inc.

Data security and compliance are critical to all of our customers, but especially to those in the highly regulated healthcare industry. Compliance with HIPAA requirements has always been a focus of our healthcare clients. We are considered a Business Associate under the HITECH Act, which extended our clients’ compliance requirements to companies such as ours.

While the third-party review is a new undertaking, IWCO Direct has focused on HIPAA compliance for years. In fact, our first self-evaluation dates back to 2006. Since that time we have continued annual audits and regular enhancements. However, as a means to measure and assure that our own internal audits and self-certifications were valid, this year we engaged Crimson Security to assess our HIPAA/HITECH control environment. This independent assessment provided us a “second set of eyes” that reinforced our internal security and compliance team efforts, as well as reassured our healthcare client base of our strong corporate security posture.

Below is a brief summary of our multifaceted internal efforts and processes created to satisfy HIPAA requirements. We will continue annual internal audits specific to HIPAA/HITECH and plan to engage a third party for verification every two to three years.

  • Building off the efforts related to HIPAA self-certification, IWCO Direct enhanced all internal security policies and controls leveraging ISO standards (17799).
  • We continued to enhance security policies based on annual internal audits, customer audits, additional requirements to support PCI compliance and ongoing changes to HIPAA requirements.
  • Migrated to and adopted the ISO 27001 security framework and continued PCI-DSS compliance.
  • Upgraded our ISO 27001:2013 and PCI DSS 3.1 certifications.
  • Continued to perform an annual self-evaluation of HIPAA compliance and made modifications to support HIPAA/HITECH controls.

Achieving this level of compliance is no small feat. IWCO Direct’s dedicated Security Team has been instrumental in continually raising the bar for our security practices. We would not be in a position to pass the scrutiny of our annual ISO 27001 and PCI certifications, as well as this third-party audit of our HIPAA/HITECH controls, if not for the support of our leadership team and the diligence of all IWCO Direct associates in making data security a key part of our culture.

If you have any questions about our data security measures, please let me know.

link https://www.iwco.com/blog/2015/12/18/hipaa-compliance-certificate/
Author

Chris Van Houtte

Vice President of Information Technology. Graduate of Minnesota State University – Moorhead and IWCO Direct team member for more than 10 years. Favorite award or recognition: Fatherhood. Personal business philosophy: “Patience, listening and a dose of common sense are key to successful outcomes.” Loves fishing and participating in/coaching his kids’ activities. Detroit sports lover – Lions, Tigers, Red Wings and Michigan Wolverines.
