American Institute of CPAs standard confirms adherence to policies and procedures that secure client data and create peace of mind for Medsphere clients and prospects.

Medsphere Systems Corporation, the leading provider of affordable and interoperable healthcare IT platform solutions and services, has received Service Organization Control 2 (SOC 2) recognition. Managed by the American Institute of CPAs (AICPA), SOC 2 is a framework that can be applied to any company that stores and manages customer data in the cloud. Those companies that receive SOC 2 recognition have met criteria intended to ensure that organizational controls and practices effectively and reliably protect customer data.

At the heart of SOC 2 are five trust services criteria — Security, Availability, Processing Integrity, Confidentiality, and Privacy — around which companies that are responsible for customer data develop sound policies and procedures. Instead of prescribing which policies and procedures it finds acceptable, AICPA conducts an audit of companies that have implemented their policies and procedures using strict guidelines defined in the trust services criteria to determine whether those fulfill the criteria and qualify the company for SOC 2 recognition.

“We pursued SOC 2 recognition because we want our existing and prospective customers to know how important it is to us that their data is both secure and readily accessible at the same time,” said Medsphere CIO Robert Kilian. “For Medsphere, SOC 2 was the preferred recognition because it gives applicants the freedom to meet certain standards without the rigidity of specific requirements. Also, SOC 2 is widely respected and effectively applies to many industries that manage data without losing relevance. We’re excited and proud of this recognition.”

For this most recent process, Medsphere applied for SOC 2 recognition using the company’s Marketware healthcare relationship management and data analytics tools. Future efforts to acquire recognition for other software solutions will require less energy as much of the process used for SOC 2 and Marketware can be applied generally to the company’s acute and outpatient EHRs, revenue cycle management (RCM) solution, and similar software platforms.

The security of patient data has become a crucial concern in healthcare as hospitals and health systems endure ransomware and similar hacking events that have, in some cases, cost millions of dollars overall and made sensitive patient information available on the internet. No Medsphere client has suffered such an event, and Medsphere aims to ensure that none will move forward by pursuing data safety recognition standards like SOC 2.