Centralis Health Security Statement

Health care records aren't just valuable to doctors and patients - according to a Trustwave report, health care data records may be valued at up to $250 per record on the black market - almost 50 times more than  the next most-valued record (payment cards at $5.40). Under the HITECH Act modifications to HIPAA, the U.S. Department of Health and Human Services' Office of Civil Rights (OCR) can impose civil monetary penalties  for privacy breaches, ranging from $120 per violation to almost $2 million. You can see that the incentives both to violate and to protect health care information are large, and growing annually.

Health care providers need a partner dedicated to helping secure the personal health information and electronic health information under the practitioner's control. Further, a health care provider's partner needs to provide you tools, assurances, and confidence that they understand the forces at work and are ready to assist in all aspects. Centralis Health is just such a partner.

Centralis Health's approach relies on ensuring that the transmission, storage, and access of all personal and electronic health information is handled safely, transparently, and in full compliance with applicable regulations. We meet both the HIPAA Security Rule and Privacy Rule. Centralis Health's Communication Suite offers immediate compliance with both HIPAA and HITECH (the Health Information Technology for Economic and Clinical Health Act). All data is secure and encrypted to the highest standards and all services are delivered under health care-specific legal agreements. Centralis Health accomplishes this through a defense-in-depth approach that assumes outside forces will be persistent and industrious, so our security must match those efforts.

Centralis Health's careful procedures give health care providers the confidence that you will not face civil monetary penalties or other sanctions. Centralis Health hosts all provided services in Microsoft's Azure for Health, the most secure cloud offering available today. Microsoft is one of the first hyperscale cloud service providers to receive certification for the HITRUST CSF. Their HIPAA Business Associate Agreement clarifies and limits how the business associate (Microsoft) can handle personal health information and sets forth additional terms for each party related to the security and privacy provisions outlined in HIPAA and the HITECH Act.

Internally, Centralis Health takes HIPAA just as seriously. Centralis Health completes an annual independent third-party certified internal HIPAA audit, background checks, and updated HIPAA training for all personnel and contractors. Centralis Health requires fully executed Business Associate Agreements for all contracts and has executed the data use and reciprocal support agreement (DURSA) with the national eHealth Exchange.