Understanding Our Commitment to Your Security
Most industries have operating standards. There is HIPAA for healthcare, ISO/IEC for business confidentiality and the Federal Information Processing Standards (FIPS) for non-classified sensitive information when working with the government. None of these standards is required for the PPE world, but the Heard Group has used all of these as a guide for how we do business.
Read below how these standards have informed our business practices, systems and processing.
Encryption - Firewalls - Security
The Heard Group LLC platform and our common infrastructure are certified as ISO/IEC 27001 compliant. The 27001 standard does not mandate specific information security controls, but the framework and checklist of controls it lays out allow us to ensure a comprehensive and continually improving model for security management.
What we do: the Heard Group has adopted ISO/IEC 27001 standards for data security. We are establishing audits and intend to hire a third-party ISO contractor to assist us.

Federal Information Processing Standards
These federal standards pertain to non-military federal agencies, government contractors, vendors, and other organizations who work with them. The standards state that federal agencies, contractors or vendors must develop and implement cryptographic modules that protect "sensitive but unclassified information." The newest FIPS testing standard, FIPS 140-3, will become effective beginning on Sunday, Sept. 22, 2019. Although there are no penalties for being non-compliant with FIPS regulations, non-compliance does place your organization at a greater risk of data breaches.
What we do: the Heard Group ensures that we are using leading technology which exceeds the FIPS standards.
There are certain technical guidelines provided at hhs.gov which we seek to implement in our management of client documents and data. We can summarize the government's guidance in these four categories: managing access, auditing access, data integrity and transmission integrity. The Heard Group implemented these HIPAA levels of security.
- We encrypt documents and they can only be accessed by our third-party software.
- All documents are safely stored on a HIPAA-level security platform protected by TLS (Transport Layer Security) encryption.
- Only those with login credentials can view the forms that have been submitted. We are able to limit access based on user roles and security protocols.
- Each time a user accesses the client data the interface creates a log entry which is stored on our software platform. This is required by HIPAA Regulations to ensure any potential data breach can be back-traced. We have those systems in place.
- Any changes to a client's data are archived for review by our administrative team.
- Our website encrypts data between the website and where we store the client's documents.