Information Security and Compliance
Mytonomy is HIPAA compliant, and we follow the best practices for the protection of patient, customer and partner-sensitive information. We have signed BAAs with our provider-customers.
We follow generally accepted industry and international standards to protect sensitive information from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction. Mytonomy continuously reviews and improves our security practices, infrastructure, and data-handling policies for compliance with industry security regulations and best practices.
SOC 2 Type 2 Audit
Mytonomy successfully completed its SOC 2 Type 2 Audit for our Patient Experience Cloud® platform in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA). The SOC 2 report provides assurance to Mytonomy and its customers that the company has designed and implemented effective security controls as it relates to retrieval, storage, processing and transfer of data, as defined in the SOC 2 standards. Conducted by Auditwerx, a division of Carr, Riggs & Ingram Capital, LLC, the report focuses on three controls pertaining to security, availability, and privacy.
- Security. Verifying the system is protected against unauthorized access, use or modification to meet Mytonomy’s commitments and system requirements.
- Availability. Verifying the system is available for operation and use to meet Mytonomy’s commitments and system requirements.
- Privacy. Verifying personal information is collected, used, retained, disclosed and disposed to meet Mytonomy’s commitments and system requirements.