Abartys Health completes ISO 27001 certification
As part of its commitment to security and privacy, healthcare technology solutions provider Abartys Health recently completed the ISO 27001:2013 certification process with HIPAA control mapping, a critical step in its secure data management and information security risk management efforts.
“Data security is a fundamental component of Abartys Health’s culture and strategy. Everything we do is centered on protecting our customers’ data and the integrity of our applications,” said Florian Gaa, General Manager of Abartys Health.
“We recognize that information security and risk management are increasingly critical in the digital healthcare space,” he said.
Published by the International Organization for Standardization (ISO), the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC), ISO/IEC 27001:2013 is an information security standard and one of the leading industry standards for managing enterprise data.
Compliance with this internationally recognized standard confirms that Abartys Health’s Information Security Management System (ISMS) is comprehensive and follows leading practices.
The scope of the ISO/IEC 27001:2013 certification includes the ISMS for the protection of data related to Abartys Health SaaS applications, such as PatientLynk, ProviderLynk, InsureLynk, and ClinicLynk. Furthermore, it evidences that the controls implemented by Abartys Health are aligned with the HIPAA regulatory requirements.
The certification was issued by A-LIGN, an independent and accredited certification body based in the United States, following the successful completion of a formal audit process. A-LIGN, an independent third-party auditor, is an ISO/IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISMS 27001 certifications.
Abartys Health has implemented security measures and countermeasures that protect it and its managed data from unauthorized access or compromise. The company has technical controls in place and formalized IT security policies and procedures, and its IT personnel were found to be conscientious and knowledgeable in security best practices.
The HIPAA security rule, an operationalization of its privacy rule, requires physicians and other healthcare providers to safeguard all created, maintained, or transmitted electronic protected health information (EPHI).
Entities covered by HIPAA are mandated to take technical measures to protect the confidentiality, integrity, and availability of EPHI against reasonably anticipated threats, hazards, and impermissible uses.
“This certification marks another milestone in Abartys Health’s continued commitment to information security at every level,” said Gaa. “It evidences that we have taken the necessary steps to address, implement, and properly control the security of managed data and information in all areas of our organization. Our partners and customers should feel confident that Abartys prioritizes data security and privacy.”