In case you haven’t seen our latest news, this morning we announced that we have received a third-party certificate of HIPAA compliance across all of our facilities, including Mail-Gard, from independent assessor Crimson Security Inc.
Data security and compliance are critical to all of our customers, but especially to those in the highly regulated healthcare industry. Compliance with HIPAA requirements has always been a focus of our healthcare clients. We are considered a Business Associate under the HITECH Act, which extended our clients’ compliance requirements to companies such as ours.
While the third-party review is a new undertaking, IWCO Direct has focused on HIPAA compliance for years. In fact, our first self-evaluation dates back to 2006. Since that time we have continued annual audits and regular enhancements. However, as a means to measure and assure that our own internal audits and self-certifications were valid, this year we engaged Crimson Security to assess our HIPAA/HITECH control environment. This independent assessment provided us a “second set of eyes” that reinforced our internal security and compliance team efforts, as well as reassured our healthcare client base of our strong corporate security posture.
Below is a brief summary of our multifaceted internal efforts and processes created to satisfy HIPAA requirements. We will continue annual internal audits specific to HIPAA/HITECH and plan to engage a third party for verification every two to three years.
- Building off the efforts related to HIPAA self-certification, IWCO Direct enhanced all internal security policies and controls leveraging ISO standards (17799).
- We continued to enhance security policies based on annual internal audits, customer audits, additional requirements to support PCI compliance and ongoing changes to HIPAA requirements.
- Migrated to and adopted the ISO 27001 security framework and continued PCI-DSS compliance.
- Upgraded our ISO 27001:2013 and PCI DSS 3.1 certifications.
- Continued to perform annual self-evaluation of HIPAA compliance and made modifications to support HIPAA/HITECH controls.
Achieving this level of compliance is no small feat. IWCO Direct’s dedicated Security Team has been instrumental in continually raising the bar with regard to our security practices. We would not be in a position to pass the scrutiny of our annual ISO 27001 and PCI certifications, as well as this third-party audit of our HIPAA/HITECH controls, if not for the support of our leadership team and the diligence of all IWCO Direct associates in making data security a key part of our culture.
If you have any questions about our data security measures, please let me know.