The security of your data is important to Melissa. We have a 30+ year history of establishing and refining our controls to secure client data in an ever-changing, and increasingly connected world.
Melissa has successfully completed the Service Organization Control (SOC 2 Type II) audit for its data center and data processing organization. SOC 2 Type II is the corporate industry’s standard for an overall control structure, and validates the comprehensive reliability, security, and availability of Melissa’s handling processes. By completing the SOC 2, Type II examination, we affirm our long-standing commitment to strong controls and safeguards for handling and processing your data.
Because Melissa processes, procedures, and controls have been formally evaluated and tested by an independent accounting and auditing firm, SSAE 16 Professionals, LLP, you can be assured that a high level of internet controls and security are established and maintained. The examination was conducted in accordance with the AT Section 101, Attest Engagements of SSAEs (AICPA, Professional Standards, Trust Service Principles, Criteria and illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy. Reporting standards include an audit of Melissa’s controls relevant to security and availability and the suitability of the design and operating effectiveness of our controls.
Melissa is in compliance with all data security standards outlined in the Health Insurance Portability and Accountability Act (HIPAA). The legislation regulates the use and disclosure of an individual’s health information in any format, also known as Protected Health Information (PHI). PHI includes a wide set of personally identifiable health- and health-related data, from insurance and billing information, to diagnosis data, clinical care data, and lab results such as images and test results. The rules apply to “Covered Entities”, which include hospitals, medical services providers, employer sponsored health plans, research facilities and insurance companies that deal directly with patients and patient data. The law and regulations also extend the requirement to protect PHI to “Business Associates”.
HIPAA was expanded by the Health Information Technology for Economic and Clinical Health Act in 2009. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. For additional information on how HIPAA and HITECH protect health information, visit: http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html