Healthcare data protection, built for trust.
Prime Health Services protects client data through administrative, technical, and physical safeguards reviewed and attested annually through SOC 2 Type II.
Security by design
Controls are built into applications, infrastructure, monitoring, access, and response operations.
Privacy governance
Client data is managed through confidentiality, integrity, availability, and role-based access principles.
Compliance alignment
Programs align with SOC 2, HIPAA, and CIS Critical Security Controls to support client expectations.
Vendor oversight
Vetted subprocessors are reviewed annually as part of Prime Health Services' vendor risk management.
Layered protection across systems, data, and operations.
Prime Health Services incorporates security by design and maintains multiple complementary layers of protection across client, server, data, and transmission environments.
Encryption
Data is protected in transit using TLS or SFTP and at rest using FIPS 140-2 aligned controls. Keys are safeguarded and device encryption is enforced where applicable.
Access controls
Least-privilege RBAC, unique user IDs, 15-minute inactivity timeouts, account lockout after five invalid attempts, MFA for remote VPN and administrative access, and Azure AD Entra ID enterprise SSO.
Monitoring and logging
Application audit logs remain online for at least 180 days, supported by centralized monitoring, alerting, email protections, and endpoint protections.
Vulnerability management
Monthly vulnerability scans, monthly remediation reviews, annual third-party penetration testing, and periodic phishing assessments support ongoing readiness.
Incident response
A documented incident response plan covers triage, containment, eradication, recovery, lessons learned, severity categories, regulatory or client notifications, and business continuity exercises.
Data governance designed around responsible use.
Prime Health Services treats privacy as an essential principle across the data lifecycle, including cloud and on-premises environments, support processes, and role-based access controls.
Data classification
PHI is always treated as Confidential and protected with heightened safeguards across its lifecycle.
Retention and auditability
Client confidential and sensitive information is retained per contract and policy, with a baseline retention period of up to seven years.
Secure disposal
Media and paper containing confidential data are destroyed using approved methods with chain-of-custody evidence. Assets are sanitized before reuse or disposal.
Attested controls and healthcare-focused compliance alignment.
Prime Health Services' security and privacy measures support client requirements and essential healthcare privacy standards through recurring reviews, training, and formal compliance programs.
SOC 2 Type II
Annual examinations cover Security, Availability, and Confidentiality. Reports are available to clients.
HIPAA alignment
Operations are aligned with the HIPAA Security, Privacy, and Breach Notification Rules and enforced through BAAs.
Industry alignment
The program is mapped to CIS Critical Security Controls Implementation Group 3 to guide continuous improvement.
Employee training
Employees complete required data protection and privacy training to support consistent operational safeguards.
Vetted partners reviewed through vendor risk management.
Prime Health Services engages vetted subprocessors to deliver services and annually reviews their security attestations, including SOC and HITRUST where applicable.
| Vendor | Service | Assurance and Notes |
|---|---|---|
| Microsoft Azure | Cloud hosting for production applications and storage | SOC 2, FedRAMP Moderate, annual PHS review, and alignment to CMS cloud expectations for claims processing. |
| Acrometis | Data input services | Attestation reviewed annually, including SOC or HITRUST where applicable. |
| Smart Data Solutions | EDI and clearinghouse services | Attestation reviewed annually, including SOC or HITRUST where applicable. |
| MultiPlan | PPO network access services | Attestation reviewed annually, including SOC or HITRUST where applicable. |
Need security documentation?
Clients can request applicable security reports, attestation details, and compliance documentation through their Prime Health Services representative.