Maintaining compliance and adhering to our commitment to protecting client and patient data is more than just our responsibility, it’s something that we're incredibly passionate about.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is one of the primary regulatory framework that pertains to the use and disclosure of certain patient information and how that information must be securely protected. As a HIPAA-compliant organization, we employ industry-leading data privacy and security safeguards designed to ensure all patient data is safe and secure.
In fact, in furtherance of Salucro’s commitment to protecting patient data, Salucro obtained HITRUST CSF certification for the Salucro Payment Platform. The HITRUST CSF framework is designed to provide an integrated security approach as well as a way to demonstrate compliance with HIPAA security requirements to a third-party assessor.
The Salucro Payment Platform is a Point-to-Point Encryption (P2PE) Validated Solution, combining secure payment devices, applications, and security practices to securely process encrypted payment card data. Find our listing on the PCI Security Standards Council website.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security and operational standards applied to the secure use, processing, and storage of payment card data. By certifying to PCI DSS as a Level 1 Service Provider, Salucro demonstrates that the Payment Platform meets the same set of security standards designed to ensure that all companies that accept, process, store, or transmit payment card information maintain a secure environment.
Salucro undergoes a SOC 2 Type II audit on an annual basis to demonstrate adherence to the critical operational principles of Security, Processing Integrity, Availability, and Confidentiality with respect to data that flows through the Salucro Payment Platform.
In addition to the annual SOC 2 Type II audit of critical operational principles, Salucro undergoes an annual SOC 1 Type II audit focused on maintaining best practices for internal controls relating to financial reporting.