In a recent press release, pMD®, the innovation leader in health care technology, announced the successful completion of its annual voluntary SOC 2® Type II and HIPAA (Health Insurance Portability and Accountability Act) security audits.
More than 41 million patient records were breached in 2019. In fact, health care accounted for 45 percent of data breaches last year, by far the most targeted industry by hackers, costing the health care industry more than $17 billion. Each breached patient record carried a $429 price tag, with the average cost of a single breach hitting $8.9 million.
"The pMD team understands the responsibility and privilege of handling Protected Health Information (PHI) on a daily basis, says Clayton Hoefer, Software Engineering Manager at pMD. “While investing in advanced third party security certifications is not required, we place a high value on seeking objective, in-depth analysis of our systems and processes. These certifications reaffirm the emphasis we place on the highest levels of security and reliability of our product, and gives our customers confidence that we're working in accordance with industry best practices as we continue to innovate in the health care industry."
SOC reports provide an analysis of a service organization's internal controls so users can better understand the risks associated with sharing sensitive information with an external organization. The final reports provide pMD customers with the assurance of strict information security policies and procedures. These include the security, availability, processing, integrity, and confidentiality of customer data. The HIPAA report determined pMD is in compliance with the HIPAA Security Rule requirements, HIPAA Breach Notification Rule requirements, and Minimum Necessary requirements of the Privacy Rule.
The audits were completed by Linford & Company LLP, a highly regarded certified public accounting and information security firm. While the set of procedures and controls tested by a SOC 2 Type I and a SOC 2 Type II assessments are the same, a Type I report is an attestation only at a specific point in time, whereas a Type II covers a period of time. For pMD, the Type II report describes the company's control environment over the course of 12 continuous months.