If you’re like me, you feel a small sense of accomplishment when you leave your doctor’s office with a clean bill of health after an annual check-up. Did you know that InstaMed has to go through an annual check-up, too? We’re happy to say we recently passed our annual health checks for both our Point-to-Point Encryption (P2PE) Validated Solution and HITRUST, so you can rest assured that we’re continuing to keep data safe and secure.
Both the Payment Card Industry (PCI) Council and HITRUST approved the results of our recent audit completed by a qualified security assessor (QSA), Coalfire, and confirmed InstaMed’s status as a PCI-Validated P2PE Solution Provider and HITRUST Certified.
Here’s a little more insight into what that means:
P2PE Annual Revalidation
In 2016, InstaMed Healthcare Payments P2PE became the first PCI-Validated P2PE v2.0 solution in healthcare. To be a PCI-Validated P2PE Solution Provider, InstaMed had to complete the detailed security requirements and testing procedures outlined by the PCI Council to ensure that our solutions meet the necessary requirements to protect payment card data. To prove we met the necessary requirements, we worked with a QSA who performed an audit of InstaMed’s bi-coastal data centers and submitted the results of the audit to PCI for review. The PCI Council approved the results of the audit and listed InstaMed Healthcare Payments P2PE on their list of P2PE validated solutions.
Like most things when it comes to security and compliance, maintaining our status as a PCI-Validated P2PE Solution Provider is an ongoing process. We’re happy to announce that we have successfully completed our Annual Revalidation with PCI. What does this mean?
- Any changes to our solution have been applied in a way that is consistent with the P2PE Standard
- Healthcare Payments P2PE continues to meet the requirements of the P2PE Standard
Why does our revalidation matter? Healthcare organizations that leverage InstaMed Healthcare Payments P2PE can be confident that their data is being protected. However, even organizations that do not leverage our P2PE Validated solution can feel good about the security of InstaMed, because our data centers and offices undergo a full audit in order to achieve revalidation.
Check out InstaMed’s listing on the PCI Council’s website here. If there’s more you want to know about P2PE and security for healthcare payments, read what our four experts have to say.
HITRUST Interim Review and Reassessment
The Health Information Trust Alliance (HITRUST) is a private organization that established a Common Security Framework (CSF) that can be used by all organizations that create, access, store or exchange sensitive and/or regulated healthcare data. The CSF includes a prescriptive set of controls that seek to harmonize the requirements of multiple regulations and standards. When an organization is HITRUST Certified – like InstaMed – it means that they completed a more rigorous set of controls to prove they are effectively managing security risks. According to HITRUST, “By being CSF Certified, an organization is communicating to its business partners and other third-party entities (e.g., state or federal agencies) that sensitive information protection is both a necessity and priority, essential security controls are in place, and management is committed to information security.”
InstaMed became HITRUST certified in the fall of 2016. HITRUST requires reassessment every two years. However, it also requires certified entities to complete an interim review after the first year of certification. To pass our interim review, InstaMed worked with the original assessor who completed our CSF certification. The assessor selected controls to test and ensure the proper security protocols are in place and documented the procedures for HITRUST to review and approve. HITRUST reviewed the assessment and determined that InstaMed’s certification was still valid as we continue to meet the requirements set forth by HITRUST.
I remember the feeling of going back to school, knowing I had to face a new year of tests and assignments. It’s a much better feeling going into September with our annual health checks for our PCI P2PE Validated Solution and HITRUST already completed. Learn more about InstaMed’s other certifications here.