|MediStreams' internal controls follow the guidelines provided in the United States' Department of Health and Human Services' (HHS) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. This rule protects the privacy of individually identifiable health information; and HIPAA Security Rule, which sets national standards for the security of electronic protected health information.|
|MediStreams utilizes DigiCert for their SSL certificate, a trusted specialist in online digital certificates for stability and reliability.|
|A SOC 2 Type II audit is performed annually by an independent, third party to validate that appropriate SOC safeguards and procedures are established and followed by MediStreams.|
MediStreams’ controls are designed to meet the criteria applicable to the following trust services principles:
Security: The system is protected against unauthorized access (both physical and logical).
Availability: The system is available for operation and use as committed or agreed.
Processing Integrity: System processing is complete, accurate, timely and authorized.
Confidentiality: Information designated as confidential is protected as committed or agreed.
Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity's privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA.