Security & Privacy

With today’s health environment increasingly focused on the protection of ePHI, you can be assured that our services operate within a highly secure and controlled environment. To illustrate our commitment to effective operational controls, and to privacy and security best practices, we have undergone a Type 1 Service Organization Control (SOC) examination, have passed a HIPAA Risk Assessment conducted by HALOCK Security Labs, and run Qualys penetration tests routinely. Collectively, these provide assurance about the controls we implement to protect the privacy and security of users’ data.

SOC 1 Examination
SOC reports examine controls over the services provided by service organizations.  We completed a SOC 1 Type 1 report that examined Security and Privacy.

  • Security: The system is protected against unauthorized access (both physical and logical)
  • Privacy: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles (GAPP issued by the AICPA/CICA.

HALOCK Security Labs HIPAA Risk Assessment
For nearly two decades, HALOCK Security Labs has helped implement and maintain information security programs to protect critical assets and enable organizations to carry out their business purpose.

HALOCK conducted a HIPAA Risk Assessment that ensures HPN has the appropriate controls in place to mitigate the vulnerabilities and threats that may affect the security of ePHI. HALOCK also reviewed our internal HIPAA Risk Assessment that is conducted quarterly and ensured that it was accurate, thorough, and properly designed to assess potential risks and vulnerabilities.

Qualys Inc. Penetration Testing
Qualys Inc. is the pioneer and leading provider of information security and compliance cloud solutions with over 6,700 customers in over 100 countries, including a majority of the Forbes Global 100.

We employ Qualys Penetration Testing to evaluate our IT systems and provide immediate visibility to any areas that may be vulnerable to the latest Internet threats and how to stay protected. This allows us to continuously secure our IT infrastructure and comply with internal policies and external regulations.