Psynergy earns coveted HITECH certification for HIPAA compliance
After a rigorous four-month process conducted by Avertium cyber security firm, Psynergy Programs, Inc. has been assessed pursuant to Avertium’s HIPAA Certification Program for compliance with the 1996 Health Information Technology Portability and Accountability Act, (HIPAA) and has achieved “Certified” status – the highest level possible.
Matthew Brown, director of information and development for Psynergy, coordinated the certification effort with Avertium, participating in about 25 hours of interviews during the process before receiving authorization to display the coveted HITECH badge at facilities and on correspondence.
“The standard for assessment measures an organization’s performance against 135 different security and privacy controls,” says Brown. “We were measured against 125, as 10 were not applicable to us. Of the 125 we were awarded full compliance on 120 and partial on five more, which we have addressed. This is the 95% or higher level of compliance that is required for certification by Avertium, which is one of the toughest out there – they are very respected in the industry. It was a big achievement for us – I wasn’t expecting to earn this certification in our first go-round but we pushed very hard to do everything in our power to get there.”
The certification is company-wide, and covers all of Psynergy Program’s facilities, including accounting, human resources and any other operations that could affect patient privacy.
According to Brown, many of the counties Psynergy works with are now looking for this level of patient security.
“Prior to placing clients, California counties want to see documentation that they are dealing with a sound and secure operation to make sure clients are protected,” says Brown. “Currently, Psynergy Programs is the only organization displaying this certification that we know of.”
Brown said that cyber security is always a moving target, and related that each year the HITECH assessment grows more stringent. Five years ago there were less that 100 controls for evaluation, while now 135 are employed.
“As ransomware and malware evolve, there is always a new potential threat on the horizon,” Brown says. “As a result, we are taking additional measures by migrating all of our servers to the cloud with co-location of our data. If there is an earthquake or a fire, we can flip over to a backup in seconds. It’s not inexpensive, but it is in the best interests of the company and the clients we serve.”