To earn and maintain our status as an EHNAC Accredited HISP, RA, and CA, our policies, procedures, and infrastructure detailed below are thoroughly reviewed by the independent Direct Trusted Agent Accreditation Program (DTAAP). We were one of the first organizations to earn these Accreditations in 2013, and the initial application required a 500-page submission and on-site visits over multiple days. The Accreditation is up for review in alternating years and has already been renewed in 2015 and 2017.
MaxMD has an exceptionally strong physical, technical, and operational security environment. Our culture of regulatory compliance has been promoted internally and to our clients for as long as we have been in operation. We adhere to work policies and security procedures consistent with ISO 27002 as well as the requirements of HIPAA, HITECH, the Direct Project and the Certificate Policies and Practices of DirectTrust.org. Our security efforts are shaped by 45 CFR part 164, subparts A, C, D, and E where applicable.
Our Operating Environment Infrastructure is in a private cloud behind a private firewall at Rackspace, an SSAE 16 Type II SOC 2* certified facility located in the Dallas/Fort Worth area. All physical control requirements of the DirectTrust.org CP V1.3 and CP V1.2.1 are met or exceeded. MaxMD’s administrative, technical, and physical policies and procedures are all designed to protect against any anticipated threats or hazards to the security of our clients’ information, and are shaped by the Security Management Process established in 45 CFR 164.308(a)(1) as it relates to the HIPAA Security Rule. MaxMD also has an audited business recovery plan.