MedStack Technology Compliance Policies

Information Transfer

Document information transfer security in agreements

  • We do not directly transfer PHI to third parties.
CodeSectionTitle
ISOA.13.2.2Agreements on information transfer

Cryptographically secure and sign communications

  • Use encryption to protect all communications, including
    • electronic messaging
    • remote conferencing
    • interactions with internet-based software applications
CodeSectionTitle
ISOA.13.2.3Electronic messaging
SOC2CC6.7The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives.

Document non-disclosure requirements in agreements

CodeSectionTitle
ISOA.13.2.4Confidentiality or non-disclosure agreements

Enforcement

  • Responsible party: All managers and supervisors
  • sanctions: standard

References

CodeSectionTitle
ISOA.13.2Information transfer
ISOA.13.2.1Information transfer policies and procedures
SOC2CC6.7The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity’s objectives.