Trust Center
Building Trust in Medical Coding
Responsible Use of AI in Healthcare Coding Operations
Security
XpertDox offers enterprise-level security features so you can set up rigorous controls for who can access, manipulate and delete data in your databases.
Workforce Training
All team members receive training on security protocols and HIPAA compliance. We conduct monthly assessments and frequent training sessions to keep the team informed about potential threats and to mitigate the risks they pose.
Access Management
We ensure that access to critical systems is valid and properly configured, and we periodically review access to essential systems.
Threat And Vulnerability Management
We perform quarterly penetration testing on our network and servers to ensure that access points are resilient to attacks and potential breaches.
Infrastructure Security
We identify and mitigate potential vulnerabilities through risk assessments, access controls, system monitoring, regular software updates, and policy controls.
Incident Management
We have implemented clear protocols and procedures for reporting and responding to incidents, with designated key personnel roles and responsibilities. Such events can range from cyber-attacks and data breaches to natural disasters and employee misconduct.
Application Security
We secure applications against unauthorized access, data breaches, and other attacks using code reviews, vulnerability testing, access controls, and encryption, among other measures.
Certification and Compliance
XpertDox undergoes independent verification of platform security, privacy, and compliance controls. Our strong and growing focus on standards and compliance will help you meet your regulatory and policy objectives.
ISO/IEC 22301
Business Continuity Management
The continuity of an entire company can be impacted by natural disasters, endemic diseases, pandemic threats, and cyberattacks. XpertDox is ISO/IEC 22301:2019 certified by an independent third-party auditor, which examines the organization's controls and preparedness in the event of unexpected and disruptive incidents. With this certification, XpertDox is business-continuity certified. This means that our client data and workflows are protected from unforeseeable events, such as a natural disaster or cyberattack.
ISO/IEC 27001
Information Security Management
XpertDox considers information security management to be a crucial commercial differentiator. We therefore prioritize establishing reliable information security management practices and adhere to industry-wide guidelines throughout the organization's processes. XpertDox has implemented the ISO/IEC 27001 information security framework and conducts extensive internal information security audits on a regular basis to ensure compliance with contractual commitments.
SOC 2
AICPA Type 2
XpertDox is SOC 2 Type 2 certified. System and Organization Controls (SOC) reports are the outcome of impartial third-party audits that look at how the company meets important compliance goals and controls. You and your auditors will benefit from SOC 2 Type 2 reports, which explain the measures put in place by XpertDox to protect data security, availability, confidentiality, and privacy, among other things.
HIPAA
Compliance
XpertDox recognizes the importance of protecting the privacy and integrity of every individual’s health information. XpertDox conducts compliance training programs for employees regularly. XpertDox is HIPAA-ready and enables covered entities and their business associates to use a secure cloud database environment to process, maintain, and store protected health information (PHI). By adopting a best-practices approach to privacy and security, we deliver services and products with high ethical and quality standards, which enable our clients to meet HIPAA requirements.
Business Continuity
ISO/IEC 22301 is an internationally recognized standard for Business Continuity Management Systems (BCMS) that helps organizations ensure the continuity of their critical business functions in the event of a disruption. It provides a framework for developing, implementing, and maintaining a robust BCMS that can help organizations respond to and recover from incidents such as natural disasters, cyber-attacks, or other unexpected events. ISO/IEC 22301 provides guidance on risk assessment, business impact analysis, and the development of a Business Continuity Plan (BCP), which helps organizations minimize the impact of disruptions and ensure the smooth functioning of their critical business functions.
Planning
Recovery
Management
Risk
Resilience
Procedures
Data Privacy and Management
Data privacy and management are essential steps for maintaining customer trust and protecting sensitive information from cyber threats and data breaches. By implementing effective data privacy and management practices, we can safeguard our reputation, reduce our risk of liability, and demonstrate our commitment to protecting the privacy and security of our customers' data.