CMSPro Billing Solutions is steadfast in our commitment to remain compliant in all aspects of our business, including all federal and state regulations and guidelines relating to the security and protection of healthcare information Our data centers, facilities, processes, and products are analyzed and tested annually by independent third-party assessments. Below is the list of certifications/audit reports that CMSPro Billing Solutions maintains currently.
HITRUST CSF Certified status demonstrates that CMSPro Billing Solutions’s systems and infrastructure have met key regulations and industry-defined requirements and appropriately manage risk. This achievement places CMSPro Billing Solutions Services in an elite group of organizations worldwide that have earned this certification. By including nationally and internationally accepted security and privacy-related regulations, standards, and frameworks–including ISO, NIST, PCI DSS, HIPAA, and COBIT–to ensure a comprehensive set of security and privacy controls, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security and privacy controls.
PCI DSS refers to the Payment Card Industry Data Security Standard, designed to enhance the security controls to protect the payment card information from theft and misuse. It applies to all entities that process card transactions to verify that the provider upholds the highest data security and privacy standards. CMSPro Billing Solutions has secured PCI DSS certification for our payment card processing centers in the Philippines and the IT Infrastructure operations in India. This certification provides additional security assurance to our customers. It allows the organization to process the patient intake management process confidently as it requires storing and processing credit card information and other sensitive information.
SSAE18 SOC 1 Type 2 is a comprehensive audit report on CMSPro Billing Solutions’s system controls which govern the processing of customer data, focusing on the aspects of confidentiality and privacy. This report provides our customers the assurance of digital and physical security, availability, and integrity of our information system, as well as its operational effectiveness in the business context.
ISO/IEC 27001:2013 covers the expectations on CMSPro Billing Solutions as a company for establishing, implementing, maintaining, and continually improving an information security management system within the organization's context. These include the requirements for periodic assessment and treatment of information security risks customized to our business and the industry we operate in.