Expert Multi-Compliant Data Security for Your Peace of Mind


Information and data security is paramount at CentralReach

We know your clients put their full trust in you to safeguard their sensitive protected health, medical and personally identifiable information -- and that you, in turn, rely on CentralReach to provide a safe and secure environment for that information, and treat it with the utmost confidentiality and care. The steps we take to earn your trust and protect you and your clients are outlined below.

CentralReach is HIPAA compliant

CentralReach understands the critical importance of securing and safeguarding the Protected Health Information of your clients and complying with our collective responsibilities under HIPAA. Our organization has taken numerous measures in its product applications, policies, and procedures as well as an extra precautionary step involving guidance from outside assessment firms that review, assess and verify our compliance with HIPAA. CentralReach conducts an annual HIPAA assessment working through a rigorous process with the nationally recognized accounting and consulting firm BDO, which attests to CentralReach being HIPAA compliant.

CentralReach is SOC2 compliant

CentralReach understands the importance of technical network and systems security infrastructure and implementing and maintaining rigorous data security policies, practices and procedures to provide a secure environment for your data. Accordingly, CentralReach has adopted and maintains industry leading systems and organization controls with regard to its products and has completed a Service Organization Control (SOC2) audit, verified by the nationally recognized accounting and consulting firm, BDO. SOC is the leading standard for technology companies in providing industry-wide acknowledgment that a company adheres to trust service principles and best practices.

CentralReach complies with privacy laws and regulations

In addition to protecting health information in accordance with HIPAA, CentralReach understands the importance of complying with privacy laws and regulations with respect to personally identifiable information. Accordingly, CentralReach has taken numerous steps to protect the personally identifiable information of our customers and their clients. CentralReach works with the nationally recognized privacy assessment firm TRUSTe, through its TrustArc division, to review and assess its privacy policies and procedures. TRUSTe attested that CentralReach had satisfied all United States Data Privacy Framework verification requirements.


CentralReach has the pleasure of serving foreign as well as domestic customers, and in recognition of that, CentralReach applied and was accepted by the US Department of Commerce into the EU-U.S. Data Privacy Framework, the UK Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework programs, and complies with the European General Data Protection Regulation (GDPR), the UK GDPR, including through the use of Standard Contractual Clauses, as well as Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

CentralReach is FERPA Compliant

CentralReach is pleased to serve many leading school districts and educational institutions. CentralReach understands the importance of providing a secure environment and protecting the privacy of student data and complies with the requirements of the Family Educational Rights and Privacy Act (FERPA).

CentralReach offers a fully PCI compliant credit card processing solution

CentralReach understands the need for our customers to be able to process credit card transactions in a fully secure and PCI Compliant manner. We've worked with our credit card processing partner to ensure customers' credit card transactions through our CentralReach enterprise software platform are fully PCI compliant.

Our approach to information security

CentralReach employs a multi-layered approach in delivering an industry-leading privacy and security infrastructure to safeguard the information and data of our customers and their clients, including but not limited to:

  • Offering state-of-the-art Cloud Delivered SAAS Products that leverage leading Cloud providers with comprehensive security infrastructures, such as Amazon Web Services and Microsoft Azure
  • Employing rigorous Product Application Security Measures designed to provide a safe and secure product environment for our users and their clients, including encryption of your data, SSL protected data transport, password protected access and unique user identifications, role-based access control, systematic backups, penetration testing programs, and others. We also employ Privacy-By Design from the earliest stages of product development
  • Maintaining comprehensive Training and Awareness Programs, adopting and enforcing a full suite of information security Policies and Procedures, including Incident Reporting Procedures, and rigorous on-boarding and off-boarding protocols
  • Working with Third Party Assessment firms, such as BDO for HIPAA and TRUSTe for privacy, to provide objective third-party assessments and confirmation of compliance

CentralReach is committed to the ongoing efforts required in building and fostering a Culture of Security. You can trust that we will continue to work tirelessly in ensuring that protecting the privacy and security of your data, and your clients' data, is a present and paramount factor in all we do, at all times.