Compliance

Secure. Compliant. Confident.
At Vatica Health, we’re not just committed to conducting business in full compliance with healthcare’s many laws and regulations. We go the extra mile to develop and implement best practices. Our pillars of compliance are at the core of everything we do to keep our partners’ data, operations and workflows safe.

Our guiding principles of compliance
What we mean by compliance-first
Data security and privacy
Vatica maintains rigorous physical, technical and administrative controls to protect the sensitive data with which we are entrusted. Security is paramount to our products, operational processes and infrastructure.

Vatica is SOC 2 Type 2-certified—one of the most stringent and difficult-to-obtain information security certifications. This designation demonstrates that Vatica complies with the Trust Service Principles of security, availability and confidentiality mandated by the American Institute of Certified Public Accountants.

Our Well365 platform is also HITRUST-certified, meeting all the criteria for the healthcare industry’s leading information security framework. For more information regarding HITRUST reporting and its standards, please visit hitrustalliance.net. Additionally, Vatica completes an annual HIPAA Risk Assessment conducted by an independent auditing firm.


Compliance
Vatica adheres to the highest ethical standards, valuing principles such as honesty and respect, compliance with laws and regulations, a focus on quality and integrity, and taking personal responsibility for actions and reporting violations.
Our compliance program is based on the seven elements of an effective compliance program as identified by the Office of Inspector General:
- Written policies, procedures and standards of conduct
- Oversight
- Effective training and education
- Effective lines of communication
- Internal monitoring and auditing
- Enforcement of standards through well-publicized disciplinary guidelines
- Prompt response in detecting offenses and undertaking corrective action
Third-party assurance
Just as we value compliance, we expect our partners to do the same. Vatica’s vendors are required to meet rigorous compliance, security and privacy standards. Our Compliance Program includes a Third-Party Assurance component with procedures to ensure all vendors are properly assessed and monitored. In addition, Vatica requires its vendors to comply with the Vatica Vendor Code of Conduct.


Business resiliency
Vatica is committed to keeping its products and services accessible and running smoothly. We have a regularly updated business continuity and disaster recovery strategy and conduct regular risk and business impact assessments and analyses. In case of an interruption, Vatica’s business continuity planning ensures the fastest and most secure maintenance and restoration of our systems and operations.
Reporting compliance concerns
We have a “see something, say something” policy at Vatica for anyone who works with us, for us or near us. Vatica’s Compliance Program is structured to maintain open lines of communication, encouraging individuals with compliance or ethical concerns to report those concerns as soon as possible using Vatica’s anonymous Compliance Helpline. This telephone and web-based reporting system is managed by an outside company and is available around the clock at 1-844-719-6967 or at the link below.
