Information and data security is paramount at CentralReach.
CentralReach is HIPAA compliant.
CentralReach understands the critical importance of securing and safeguarding the Protected Health Information of your clients and complying with our collective responsibilities under HIPAA. Our organization has taken numerous measures in its product applications, policies, and procedures as well as an extra precautionary step involving guidance from outside assessment firms that review, assess and certify our compliance with HIPAA. CentralReach completed its most recent HIPAA assessment after working through a rigorous process with the nationally recognized accounting and consulting firm BDO, which attested to CentralReach being HIPAA compliant in January 2020.
CentralReach is SOC2 compliant.
CentralReach understands the importance of technical network and systems security infrastructure and implementing and maintaining rigorous data security policies, practices and procedures to provide a secure environment for your data. Accordingly, CentralReach has adopted and maintains industry leading systems and organization controls with regard to its products and has completed a Service Organization Control (SOC2) audit, verified by the nationally recognized accounting and consulting firm, BDO. SOC is the leading standard for technology companies in providing industry-wide acknowledgment that a company adheres to trust service principles and best practices.
CentralReach complies with privacy laws and regulations.
In addition to protecting health information in accordance with HIPAA, CentralReach understands the importance of complying with privacy laws and regulations with respect to personally identifiable information. Accordingly, CentralReach has taken numerous steps to protect the personally identifiable information of our customers and their clients. CentralReach recently worked with the nationally recognized privacy assessment firm TRUSTe, through its TrustArc division, to review and assess its privacy policies and procedures. TRUSTe attested that CentralReach had satisfied all United States Privacy Shield Customer Data Verification requirements in March 2020.
CentralReach has the pleasure of serving foreign as well as domestic customers, and in recognition of that, CentralReach applied and was accepted by the US Department of Commerce into both the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield programs in March 2020, and complies with both the European General Data Protection Regulation (GDPR), including through the use of Standard Contractual Clauses, as well as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).