FREMONT, CA: Compliance and ethics in healthcare are not only legal responsibilities; they are also essential components of safe, high-quality patient care. Healthcare compliance is an issue for all medical practices and facilities, regardless of their size or expertise. Particle Health, a firm that designs and develops software solutions, recently passed a System and Organization Controls (SOC) 2 SM examination with the aim of complying with the standards set. According to the CPA's report, Particle Health's management maintained effective controls over the security, availability, confidentiality, processing integrity, and privacy of its API (Application Programming Interface) platform. BARR Advisory, P.A. was in charge of the project.
"We are proud to announce that our SOC 2 SM report has verified that we have the appropriate controls in place to mitigate risks related to security, along with HIPAA Security Rule requirements," said Dan Horbatt, Co-Founder and CTO, Particle Health. "Companies that partner with us to access electronic health records (EHRs) using our universal API can rest assured that we have passed stringent data security standards to mitigate all operating risks."
A SOC 2 SM report is meant to satisfy the needs of present or potential consumers who want confidence about the effectiveness of the controls applied by the service organization to process their data. This assures that Particle Health's API platform, which gives digital healthcare providers access to more than 270 million patient Electronic Health Records (EHRs), adheres to the highest data security standards in the industry.
The American Institute of CPAs (AICPA) has created the following principles and related criteria for use by practitioners in the performance of trust services engagements:
Security: Unauthorized access to the system is prevented (both physical and logical).
Processing Integrity: To accomplish the entity's objectives, system processing is complete, valid, accurate, timely, and authorized.
Availability: As committed or agreed, the system is available for operation and use.
Confidentiality: Information that has been designated as confidential is protected according to the terms of a commitment or agreement.
Privacy: To accomplish the entity's objectives, personal information is collected, used, retained, disclosed, and disposed of.
HIPAA Security Rule Requirements: The system complies with the applicable HIPAA Security Rule requirements outlined in the Health Insurance Portability and Accountability Act of the United States Department of Health and Human Services (HHS).