Moving to the cloud does not make security concerns go away. We are now transitioning our hosting services from traditional data-center hosting facilities to the cloud, in collaboration with Amazon Web Services. Your practice can off-load the task of data protection to NextGen Healthcare by taking advantage of our hosting services. Certification lasts two years, whereupon we will seek renewal. NextGen Healthcare became HITRUST certified in December 2017. The team at NextGen Healthcare put in 19 months of day-in, day-out work to obtain HITRUST certification. HITRUST takes the best from these standards and incorporates them into its own set of controls. This security framework ensures that we are not only meeting HIPAA regulations but the standards of globally recognized security organizations, such as the International Organization for Standardization (ISO), the National Institute of Standards and Technology (NIST), the Payment Card Industry (PCI), and others. NextGen Healthcare uses the Health Information Trust Alliance (HITRUST) framework-the most widely-adopted security framework in the U.S. Seek confirmation from an independent third party. The bottom line: When it comes to security practices, don’t accept a vendor’s word. Confirms the vendor adheres to an established security framework.Affirms the vendor is meeting all requirements to achieve certification.Views physical evidence to support a vendor’s security claims.
Asks all the questions that you would want asked as well as additional questions.
Verification of a vendor’s security practices by an independent third party provides the best evidence that your data is protected to the fullest extent possible.