Enterprise Health handles electronic personal health information (ePHI) for our clients. To demonstrate our compliance with the required safeguards to protect that data, we have taken measures to attain certifications from industry-leading organizations.
SERVICE ORGANIZATION CONTROL (SOC)
SOC reports issued by the American Institute of Certified Public Accountants (AICPA) enable companies to demonstrate a level of process and system control assurance to their clients. Enterprise Health undergoes third-party SOC examinations every year to demonstrate to our clients our strong commitment and the robust controls we use to protect their data.
Enterprise Health has both SOC 2® Type 2 (Restricted Use) and SOC 3® (General Use) reports on the controls at our organization relevant to the trust services criteria of security, availability, processing integrity, confidentiality and privacy.
HITRUST CSF Certified status demonstrates that Enterprise Health has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Enterprise Health in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
In addition, based on the results of a HITRUST CSF Validated Assessment, Enterprise Health is supported by an information protection program that is consistent with the objectives specified in the NIST Cybersecurity Framework v1.0.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
Based on the results of a HITRUST® CSF Validated Assessment, Enterprise Health is supported by an information protection program that is consistent with the objectives specified in the NIST Cybersecurity Framework v1.0. The NIST Cybersecurity Framework (CSF) provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.