HITRUST

Security commitment

Coffey’s web hosting and mailing services data systems are HITRUST CSF Certified, a demonstration of our commitment to information security and privacy for compliance with HIPAA and beyond.

HITRUST certification requires a rigorous and comprehensive assessment of security and privacy protections performed by a qualified external assessment organization and further reviewed by the HITRUST organization.

Maintaining this certification requires regular review, sound risk management practices and ongoing improvements to our security posture.

We have a designated Security Officer and a HIPAA Compliance Officer on staff. All new employees complete HIPAA awareness training as well as HIPAA training specific to their role at Coffey. Regular HIPAA review training is also required for all employees.

Coffey is willing to enter a Business Associate Agreement with the Covered Entity. We also maintain Business Associate Agreements with any of our subcontractors that handle or may handle PHI, as required by HIPAA.