PNT is committed to employing the most stringent privacy and security measures to safeguard your health information. Our services and infrastructure are fully compliant with the requirements of HIPAA. We undergo comprehensive independent audits to ensure every policy and process adheres to current privacy and security regulations. We have been a trusted vendor for over 15 years to a national network of providers and we continuously evaluate and implement privacy and security enhancements and upgrades. All employees are required to participate in extensive training on current compliance regulations and the steps needed to safeguard personal and sensitive information.
We are proud that our secure cloud-based managed services are recognized for adherence to stringent privacy and security standards. These accreditations certify that PNT has all the necessary safeguards, protections, and controls for secure, compliant healthcare data exchange.
- Having HITRUST certification means adhering to a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.
- Maintaining EHNAC accreditation ensures that information is handled with the strictest privacy and security controls necessary to protect data integrity.
- With certification in CAQH CORE Phases I, II, and III, PNT follows CAQH operating rules that improve the efficiency, accuracy, and effectiveness of industry-driven business transactions.
- Accredited by the Maryland Healthcare Commission, an independent regulatory agency, PNT demonstrates it adheres to the Commission's mission to plan for health system needs, promote informed decision-making, increase accountability, and improve access in a rapidly changing health care environment.
PNT has the necessary privacy and security measures and controls in place that create a compliant platform for healthcare data exchange. Our security program is regularly assessed and certified by independent auditors to demonstrate our adherence to strict industry and regulatory standards. Ensuring the secure exchange of healthcare data is our top priority, and we have implemented the tools and processes necessary to:
- Continuously identify, assess, and remediate risks to data security
- Encrypt all sensitive data in transit and at rest
- Keep sensitive data safe in our secure Cloud environment
- Protect our systems from known and unknown threats
- Provide data access to authorized users only
- Perform continuous privacy and security reviews
- Conduct independent review of information security management
- Identify and remediate vulnerabilities
PNT Data processes all client information leveraging the Amazon Web Services (AWS) cloud platform, which has been architected and certified for data privacy and security. We use redundant AWS data centers to provide reliable service and our infrastructure automatically expands when needed to provide consistent high performance under load.
AWS offers covered entities and business associates a secure and scalable architecture which is fully aligned with HIPAA compliance requirements. AWS offers the flexibility to scale to be compliant with industry leading certifications and audits, such as ISO 27001, FedRAMP, and the Service Organization Control Reports (SOC1, SOC2, and SOC3). AWS Services and data centers have multiple layers of operational and physical security to help ensure the integrity and safety of customer data.
PNT is committed to protecting and safeguarding sensitive and confidential health information. Privacy policies are in effect in accordance with HIPAA, Federal and State laws that govern the use of data. Data governance guidelines place a heightened focus on ensuring the data entrusted to PNT is protected and secured. Our Data Governance program allows us to:
- Deliver services and infrastructure that are fully compliant with the requirements of HIPAA and privacy and security laws
- Ensure the confidentiality, integrity, and availability of all electronic PHI that we create, receive, maintain, and transmit
- Continuously monitor HIPAA regulations and legislation to ensure sufficient safeguards are in place
- Provide reliable information systems to ensure validity and integrity of electronic PHI
- Share data only with entities with which a data sharing agreement is in effect and use the data for its defined purpose
Customer Due Diligence
We partner closely with our customers and vendors to ensure compliance requirements are met for all parties and comply with:
- Health plan customer annual security surveys
- Vendor certification requirements
To ensure consistent availability and delivery of services, PNT has developed and implemented a Business Continuity and Disaster Recovery Plan that ensures that in case of a catastrophic event:
- We can restore business operations and availability of information within required timeframes
- Critical services will be operational with a defined recovery period that does not exceed 48 hours
- Timely communications are delivered to our customers and stakeholders describing our business continuity plan