Need Mental Health Help Fast? Call **ASK (star-star-2-7-5) from your cell phone or 1-800-939-5911.

Why does data security matter?

Although hacking and malware are the most high-profile threats to health systems, accidental disclosures are a major problem as well. An effective information security system protects against both. 

In short, there’s a lot at stake for health information systems. As a health care organization, we bear an enormous responsibility toward our members. So, we utilize data security certifications to help ensure that member health information is protected from both external threats and internal errors. 

SOC 2 Type 2 Certified

In our commitment to protecting our members’ information, we hold the SOC (Service Organization Control) 2 Type 2 certification.

SOC 2 Type 2 audits our internal controls to record how we safeguard member data. This report helps members assess the risks associated with third parties. Essentially, it’s the best way to know whether your data will be safe with one of our providers.

Why does SOC 2 matter?

We work with some third-party vendors. Therefore, we follow SOC standards to be confident in our engagement with such vendors. SOC 2 Type 2 ensures that our service providers securely manage our data to protect our interests and the privacy of our members.

A SOC 2 report covers security, integrity, availability, and confidentiality. To meet SOC 2 Type 2 compliance, we must have controls in place that protect data from fraud, intrusions, and other unauthorized activities.

Because we work with companies for whom data protection and compliance are highly regulated and required, this certification matters to every one of our members.

How to find out more

SOC 2 compliance is part of the American Institute of CPAs’ Service Organization Control reporting platform. Visit the AICPA website to learn more about this certification.

HITRUST Certified

We achieved HITRUST Common Security Framework (CSF) certified status from the Health Information Trust Alliance (HITRUST). As a HITRUST CSF Certified company, we are part of a small group of organizations worldwide that have earned this certification. Members and providers can be assured that we are meeting the health care industry’s highest standards in protecting health information and managing risk.

What does HITRUST certification mean?

HITRUST is the gold standard in data security for all industries, including health care. The framework combines HIPAA, ISO, NIST, PCI, and other internationally and nationally accepted standards. It provides clarity and consistency, which reduces the burden of compliance. HITRUST CSF Certified status means that we have met industry-defined requirements and are managing information risk.

How does HITRUST evaluate companies?

HITRUST evaluates companies in 19 security domains. Each domain is designed to address a specific angle of a business’s security operation.
  • Information protection program
  • Endpoint protection
  • Portable media security
  • Mobile device security
  • Wireless security
  • Configuration management
  • Vulnerability management
  • Transmission protection
  • Network protection
  • Password management
  • Access control
  • Third-party assurance
  • Incident management
  • Risk management
  • Data privacy and protection
  • Physical and environmental security
  • Audit logging and monitoring
  • Education, training, and awareness
  • Business continuity and disaster recovery

How does HITRUST help our members?

HITRUST helps member health care data stay secure and confidential. Basically, HITRUST certification means that members can have total confidence in how we handle sensitive information—whether it’s being processed, transferred, or stored.

HITRUST also makes it easier for our providers to prove the safety of their own member data during assessments or audits.

How to find out more

HITRUST is the most widely adopted information privacy and security risk management framework among our country’s health care organizations. In fact, in addition to its presence in the United States, HITRUST CSF has also been implemented in many organizations in other parts of the world.

You can learn more about HITRUST by visiting their website.

NIST CSF

We adhere to the NIST Cybersecurity Framework from the National Institute of Standards and Technology (NIST). The Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) was developed in response to U.S. Executive Order 13636. Created through collaboration between government and the private sector, this framework uses a common language to address and manage cybersecurity risk in a cost-effective way without placing additional regulatory requirements on businesses. Our alignment of security controls with the NIST Cybersecurity Framework’s Core will be regularly tested as part of a periodic SOC 2 Type 2 attestation report.
If you would like more information or to request a copy of a certificate please email InformationSecurity@cardinalinnovations.org.

Join our member newsletter

Subscribe