
WhiteSpace Health Blogs

Importance of SOC 2+ Compliance

by Carrie Bauman

Information security is a major concern for healthcare organizations. Those who elect to outsource key business operations to third-party vendors (e.g., SaaS and cloud computing providers) have a particular vested interest in their business associates' ability to responsibly manage data in applications and networks. Even the slightest gaps in network security can leave enterprises vulnerable to attacks, data theft, extortion, ransomware, and malware. The reputations of the healthcare organization and the offending vendor(s) are at risk, patients may suffer, and fines levied by ONC when non-compliant protected health information (PHI) disclosures occur can be financially crushing.

Outsourcing is a growing trend, and healthcare organizations are becoming increasingly dependent on third-party providers to deliver mission-critical services. Business associates must address confidentiality and security along with other compliance and regulatory requirements before data can be exchanged, managed, and stored. While SOC 2+ compliance is not a requirement per se for SaaS and cloud computing vendors, the importance of adhering to SOC 2 criteria in securing your data cannot be overstated.

WhiteSpace Health acknowledges the deep trust our customers place in us to keep their data safe. Our ongoing compliance efforts are intended to meet the needs of a broad range of users who require detailed information and assurance about the controls and integrity of our systems.

We regularly hire an external auditor to ensure we remain compliant with the five trust principles (security, availability, processing integrity, confidentiality, and privacy) AICPA has specified in their SOC 2+ compliance program. Our neutral auditor plays a vital role regarding the oversight of our organization, vendor management programs, corporate governance, risk management, regulatory compliance, and oversight initiatives.

Client Benefits of SOC 2+ Certification

Periodic audit reports demonstrate the effectiveness of controls. This evidence can be useful to shareholders, customers, and other stakeholders to provide assurance in WhiteSpace Health’s operational integrity. Reports that are verified by independent auditors offer comfort to clients that WhiteSpace Health maintains appropriate and adequate controls to manage, transport, and store sensitive information. Audits also ensure robust controls protect financial reporting and PHI. Reports promote openness between WhiteSpace Health and its customers, allowing us to maintain existing accounts and attract new clients.

Types of SOC Reports

There are two types of SOC reports.

Type I describes WhiteSpace Health’s systems and explains how our design is suitable to meet relevant trust principles.

Type II details the operational effectiveness of our systems.

About Carrie Bauman

Carrie Bauman is the VP of Marketing and Communications at WhiteSpace Health. She earned her BS in Health Information Management from The Ohio State University and RHIA credential from AHIMA in addition to her master’s preparation in health services administration from Central Michigan University. She has served as a privacy officer for her hospitals and health systems and healthcare IT vendors. Ms. Bauman has written and presented extensively on the topics of privacy, security, and compliance.