As a compliance-first organization, Vatica’s Security and Compliance Programs are the driving force behind our software, solution, and everything we do.
Our Pillars of Compliance
We’re committed to conducting business in full compliance with healthcare’s many laws and regulations. We take this commitment seriously and go the extra mile to develop and implement best practices. Our pillars of compliance are at the core of everything we do to keep our partners’ data, operations, workflows, records and information safe. Read on to see how we remain a compliance-first operation.
Data Security and Privacy
Vatica maintains rigorous physical, technical and administrative controls to protect the sensitive data with which we are entrusted. Security is paramount to our products, operational processes and infrastructure.
Vatica is SOC 2 – Type 2 certified, which is among the most stringent and difficult to obtain information-security certifications. It demonstrates that Vatica complies with the Trust Service Principles of security, availability, and confidentiality.
For more information regarding SOC reporting and its standards, please visit the AICPA’s (American Institute of Certified Public Accountants) website.
Our Well365 provider platform is also HITRUST certified, earning the leading information security framework for the healthcare industry.
For more information regarding HITRUST reporting and its standards, please visit hitrustalliance.net
Additionally, Vatica completes an annual HIPAA Risk Assessment conducted by an independent auditing firm.
Vatica is committed to doing business with the highest ethical standards, valuing principles such as honesty and respect, compliance with laws and regulations, focus on quality and integrity, personal responsibility for actions and a responsibility for reporting violations.
Vatica’s Compliance Program is based on the Office of Inspector General’s seven elements of an effective compliance program and includes the following:
- Written policies, procedures and standards of conduct
- Oversight Effective training and education
- Effective lines of communication
- Internal monitoring and auditing
- Enforcement of standards through well-publicized disciplinary guidelines
- Prompt response to detect offenses and undertaking corrective action
Just as we value compliance, we expect our partners to do the same. Vatica’s vendors are expected to meet and comply with rigorous compliance, security and privacy standards. Vatica’s Compliance Program includes a Third-Party Assurance program with procedures to ensure all vendors are properly assessed and monitored. In addition, Vatica expects its vendors to uphold Vatica’s commitment to compliance and ethics by complying with the Vatica Vendor Code of Conduct.
Vatica is committed to keeping its products and services running smoothly and consistently. Vatica performs regular business continuity and disaster recovery planning, as well as regular risk and business impact assessments and analysis. In case of an interruption, Vatica’s business continuity planning is developed to ensure the fastest and most secure maintenance and restoration of our systems and operations.
Reporting Compliance Concerns
We have a “see something say something” policy at Vatica for anyone that works with us, for us or near us. Vatica’s Compliance Program is structured to maintain open lines of communication, encouraging individuals with compliance or ethical concerns to report those concerns as soon as possible using Vatica’s anonymous Compliance Helpline. The Vatica Compliance Helpline is a telephone and web-based reporting system that is managed by an outside company and is available for reporting 24 hours a day, 7 days a week, 365 days a year:
Go to vaticahealth.ethicspoint.com and select “Make a Report.”