
Security and Compliance

for GoRev Data Management.

GoRev Security

Security compliance certifications and regulations.

SOC 2

GoRev uses an independent third party to conduct a SOC 2 audit on its GoRev Practice Management and Revenue Cycle Management system. This audit covers the SOC 2 Common Criteria and the Confidentiality and Privacy trust services criteria. We’re happy to share this report with clients or prospects with a signed non-disclosure agreement on file.


HIPAA Compliant

GoRev is a fully HIPAA-compliant solution and takes your medical privacy and security needs seriously! We will enter into a Business Associate Agreement (BAA) with you.

Security Measures

  • Data encryption in transit via TLS 1.2
  • Data encrypted at rest
  • Multi-factor authentication
  • Granular role-based permission management
  • Annual penetration testing is performed by a third party
  • Vulnerability scanning is performed regularly by a third party
  • SOC 2 / HITRUST certified Data Center

Security FAQs

Where does my data live?

GoRev’s infrastructure is hosted exclusively by Expedient and all data in transit is encrypted using the most up-to-date protocols (specifically TLS 1.2 and AES-256).

How do you ensure no other client sees my data?

Customers are provisioned with dedicated networks, database clusters, and compute nodes. This micro-segmentation strategy ensures customer data is separate and secured at all times.

How do you assess third parties before and during their service?

Any vendor with the potential to access sensitive client data is required to provide an external audit or, at a minimum, submit to a risk interview and demonstrate best security practices. These artifacts are refreshed annually to ensure no lapse in oversight. Moreover, each vendor is required to sign a Business Associate Agreement (BAA) and contractually commit to data security practices.

Do you conduct a risk assessment at least annually?

Yes. We look at changes in the product line, the regulatory environment and the cyber threat. We assign risk scores and document an executive leadership review at least quarterly. These steps are verified in the annual SOC 2 audit.

Do you respond to requests for vendor risk assessment questionnaires?

We utilize the SecurityStudio suite for various risk assessment strategies internally and can provide our general assessment in the S2Vendor format at no additional cost once an NDA has been executed. Professional and Enterprise Clients may request we complete custom vendor risk assessment questionnaires at no additional cost. Other license types may request custom vendor risk assessments for a nominal fee covering the required labor.

Describe your data backup and recovery system.

We utilize database clusters consisting of a minimum of 3 nodes per cluster, each able to tolerate the failure of one node. Backups are stored redundantly both on premises and offsite in a separate geographic zone from the primary site. We test backups regularly to ensure they are both complete and able to be restored. The recovery point objective is 24 hours with a recovery time objective of 4 hours.

Do you have an incident response program?

GoRev maintains a comprehensive incident classification and response procedure. While highly unlikely, should a breach occur, GoRev has a third-party security firm on retainer capable of initiating immediate incident response and necessary forensic analysis.

Do you perform security reviews during development?

Security is baked into the coding process, and a number of checks are performed to validate new code prior to deployment. Both manual and automated code scanning are performed to identify potential vulnerabilities prior to deploying new GoRev versions.