IWCO Direct and Mail-Gard Receive HIPAA Compliance Certificate Demonstrating Focus on Control Environment for Data Security

December 18, 2015

Chanhassen, Minn. (December 18, 2015) — Further demonstrating its commitment to data security, IWCO Direct, a leading provider of direct marketing solutions, announced it has received a third-party certificate of HIPAA compliance across all of its facilities by independent assessor, Crimson Security Inc. The certificate of compliance includes Mail-Gard®, a division of IWCO Direct which provides business continuity and disaster recovery services.

As a Business Associate under the HIPAA and HITECH Acts, IWCO Direct’s ability to protect information that can reasonably be used to identify an individual or the individual’s health is critical for clients in the healthcare industry. This certificate of compliance also provides added confidence for all IWCO Direct clients, regardless of industry, that the company maintains the appropriate safeguards within the organization to protect all client data. IWCO Direct’s HIPAA compliance certificate reflects the company’s efforts to continuously improve its corporate security. Previous data security measures taken include the adoption of two of the most current industry standards,  ISO/IEC 27001:2013 and PCI-DSS 3.1, earlier this year.

“We take data security very seriously. That is why we engaged an independent third party to evaluate the effectiveness of our controls across the organization. Obtaining a certificate of compliance is a natural extension of our commitment to protecting client data to the very best of our ability,” stated Jim Andersen, CEO of IWCO Direct.

To earn the certificate, IWCO Direct performed an annual self-evaluation to HIPAA compliance to ensure HIPAA and HITECH controls were in place across the organization. As part of its Continuous Improvement initiatives, IWCO Direct engaged Crimson Security to verify the company’s corporate security measures were sound and the appropriate safeguards relating to client data had been established. After a rigorous on-site audit, the third party assessor deemed IWCO Direct’s control environment to be compliant with HIPAA and HITECH security standards.