AICPA SOC 2 Type II and HITRUST CSF have become the standard of trust for Fortune 500 companies and the highest security standard for healthcare, respectively. Vim has successfully passed the rigorous external audit of SOC 2 Type II + HITRUST, leveraging the collaboration between AICPA and HITRUST, resulting in the highest level of security and assurance in the healthcare industry.
Vim’s full-time, dedicated security team is led by our Chief Information Security Officer. Comprising seasoned information security professionals, the team has far-reaching control over all aspects of data and product security and is responsible for periodic security and privacy training for all Vim employees. Through close monitoring of market and information security trends and developments, we continuously improve and update our security policies and practices.
Supply chain attacks have become a popular method for attackers to gain access to ePHI by targeting insecure third-party services that an organization might use. According to the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS), third-party breaches account for around 25% of ePHI breaches. In response to this risk, Vim has developed a third-party risk management program. New vendors are subject to review by Vim’s security team, which performs a security review of the proposed use and the vendor’s security posture to ensure that sufficient protections are in place and contractually assured.