HITRUST

Security commitment

Coffey’s web hosting and mailing services data systems are HITRUST® r2 Certified, a demonstration of our commitment to information security and privacy for compliance with HIPAA and beyond.

HITRUST® certification requires a rigorous and comprehensive assessment of security and privacy protections performed by a qualified external assessment organization and further reviewed by the HITRUST® organization.

Maintaining this certification requires regular review, sound risk management practices and ongoing improvements to our security posture.

We have a designated Security Officer and a HIPAA Compliance Officer on staff. All new employees complete HIPAA and security awareness trainings as well as HIPAA training specific to their role at Coffey. Regular HIPAA and security review trainings are also required for all employees.

Coffey is willing to enter a Business Associate Agreement with the Covered Entity. We also maintain Business Associate Agreements with any of our subcontractors that handle or may handle PHI, as required by HIPAA.

According to HITRUST®, the r2 certification is best suited for organizations that need to demonstrate regulatory compliance with authoritative sources like HIPAA, the NIST Cybersecurity Framework, and dozens of others or that require expanded tailoring of controls based on other identified risk factors. It is the most comprehensive and robust HITRUST assessment.