Jul. 25, 2022
As an early-stage startup, AptEdge believes strongly in ensuring the security of our customers’ data. This focus on security led us to successfully complete our initial SOC 2 Type 2 audit and certification this year. While that was an important first step, we had no intention of stopping our security compliance at the design level. This year we are proud to announce that we have enhanced the scope of our certification with the help of Vanta, by not only auditing the design of security processes at a single point in time but also the maturity level of our security and data privacy-related controls over time.
The Health and Insurance Portability and Accountability Act of 1996 (HIPAA) requires healthcare providers to process Protected Health Information (PHI) in a responsible, private, and secure manner. The legislation also encourages the use of electronic health records to improve the efficiency and quality of U.S. healthcare through improved information sharing.
Along with increasing the use of electronic medical records, HIPAA includes provisions to protect the security and privacy of PHI. PHI includes any personally identifiable health and health-related data. The HIPAA rules apply to covered entities—which include hospitals, medical services providers, employer-sponsored health plans, research facilities, and insurance companies—as well as business associates.
With this certification, AptEdge’s customers that work with Health providers and vendors will have peace of mind. They can rest assured knowing that the design of controls regarding availability, processing integrity, and confidentiality of service has been independently and fully reviewed and verified. Additionally, our customers have the assurance that medical records data is being taken very seriously and that controls are being implemented and lived throughout the company.
This is an assurance for your security and compliance teams that an independent third party has reviewed and verified that AptEdge’s product and corporate-related security controls are suitable and appropriate. Your security team can utilize AptEdge’s HIPAA compliance for your own certification programs and third-party assessments as many companies have HIPAA as a requirement before choosing to deploy a SaaS solution.
Completion of our first HIPAA audit is part of our ongoing effort to build an effective and appropriate control set to protect the data of all of our users. It is vitally important to develop a set of security and data privacy controls integrated into the culture of the company.