FAQs: SOC 2, HITRUST & Cybersecurity

What is SOC 2, and why is it important for BESLER’s services?

SOC 2 (System and Organization Controls 2) is a framework for managing and protecting sensitive data. It focuses on five trust service criteria: security, availability, processing integrity, confidentiality, and privacy. BESLER complies with SOC 2 standards to ensure that our systems and processes securely handle your financial and healthcare data, giving you confidence that your information is protected.

How does BESLER ensure compliance with SOC 2?

BESLER’s datacenter and Managed Service Provider (MSP) undergo regular third-party audits to validate SOC compliance. Internal controls, security policies, and procedures are continuously reviewed and updated to align with the latest best practices. This ensures that we not only meet but exceed industry requirements for data protection.

Need an Executive Summary of the SOC 2? Click here to request it.

We will need an NDA on file if you need the full report. Your account representative can help you with this process.

What is HITRUST, and how does BESLER meet its standards?

HITRUST is a comprehensive security framework that addresses a wide range of regulatory requirements, including HIPAA, NIST, and PCI. It is tailored to healthcare organizations and provides a unified approach to managing risk. BESLER follows HITRUST standards to maintain the highest levels of security and privacy for all client healthcare data, ensuring regulatory compliance across our services.

Are BESLER products HITRUST certified?

BESLER’s corporate network and BESLER’s offerings of HDAT, iRotations, Easy Work Papers, Revenue Integrity Services (RIS), Transfer DRG, Medicare Advantage Transfer DRG and IME are certified with the HITRUST CSF (Common Security Framework) Risk-based, 2-year (r2) Certification. The Microsoft data centers housing BESLER’s products are also HITRUST certified. This certification demonstrates our commitment to protecting sensitive healthcare information and maintaining the security standards necessary for compliance with healthcare regulations.

How does BESLER approach cybersecurity?

At BESLER, cybersecurity is a top priority. We implement a multi-layered security approach, including firewalls, encryption, intrusion detection systems, and regular vulnerability assessments. Our team of security experts works diligently to stay ahead of emerging threats and ensure our systems are resilient against cyberattacks.

What measures does BESLER take to prevent data breaches?

To prevent data breaches, we employ robust security protocols, including:

  • Encryption: All sensitive data is encrypted both in transit and at rest.
  • Access Controls: We enforce strict role-based access controls, ensuring that only authorized personnel have access to sensitive information.
  • Monitoring: Continuous monitoring of our systems allows us to detect and respond to potential threats in real time.
  • Training: All BESLER employees receive regular cybersecurity training to stay informed about the latest threats and best practices.

How does BESLER handle incidents or breaches if they occur?

In the unlikely event of a data breach or security incident, we have a comprehensive incident response plan in place. This plan ensures a rapid, effective response to contain and mitigate any impact. We communicate transparently with affected clients and follow all legal requirements for notification and remediation.

How does BESLER protect customer data during service delivery?

We utilize secure data transfer methods, such as encryption and ShareFile, during all interactions with client data. Additionally, we follow strict security protocols when accessing or processing sensitive information, ensuring that your data remains secure throughout our engagement.

Are there any cybersecurity risks we should be aware of when working with BESLER?

While no system can be entirely immune to risk, BESLER continuously works to minimize cybersecurity threats. By adhering to industry-leading standards like SOC 2 and HITRUST, we provide our clients with the peace of mind that their data is being handled with the highest level of security.

Who can I contact if I have additional questions about BESLER’s security practices?

For further information on our security practices, feel free to reach out to your BESLER account representative, who can assist with scheduling a meeting to discuss any further concerns you may have.