The healthcare industry has some of the most stringent requirements as it relates to data security/data confidentiality. Healthcare organizations need to have complete confidence that their IT provider can meet HIPAA requirements as well as safeguard their data.
How can healthcare executives remain confident that an IT service provider can be entrusted to keep them compliant?
IT service providers proof of competencies around HIPAA compliance can be largely determined by specific security credentials like HealthCare Information Security and Privacy Practitioner (HCISPP). In addition to these credentials IT/technology service providers who meet the objective standards of SSAE 18 will have excellent security practices and by virtue of completing an independent SOC audit; will meet the requirements of HIPAA.
While meeting SSAE 18 standards are not a guarantee that a technology provider will keep their clients in compliance; SSAE 18’s standards are rigorous to provide evaluators with the verification needed to have greater confidence in a providers security practices and reliability.
What is SSAE 18 and how does it affect me?
SSAE-18 is the latest auditing standard developed by the American Institute of Certified Public Accountants (AICPA) in 2017. Service Organization Controls, or (SOC) audit reports are used to objectively evaluate the effectiveness of controls in place to determine the financial stability, security practices, and stability of the IT systems from a service provider.
Traditionally SSAE 18 attestation is required for technology service providers who work with clients in financial services industries where risk to sensitive data is also a major concern.
Why should SSAE 18 compliance standards matter?
Healthcare information is up to 100 times more valuable to hackers than credit information on the black market, which is why Mandry Technology goes above and beyond to assure our healthcare clients that their data infrastructure remains compliant and secure. SSAE 18 Attestations SOC2 reports also provide the confidence needed to be confident that these controls are regularly reviewed and updated by an independent 3rd party evaluator.