MSP Compliance

How we maintain
your privacy
+ security.

MSP Recovery’s data transfer procedures comply fully with the HIPAA Security Rule. HIPAA requires encryption of Protected Health Information (“PHI”) whenever it is reasonable and appropriate to do so. For any individuals/ entities transferring any PHI or other data, please be advised that we use a Secure File Transfer Protocol (“SFTP”) to ensure your data remains secure and HIPAA compliant while it is being transferred. The SFTP will encrypt commands and data, preventing passwords and sensitive information from being transmitted in the clear. In order to ensure that the data remains secure and HIPAA compliant, we have implemented the following procedures:

 

MSP Recovery is compliant in the trust and service principles in System Organization Controls (SOC) 2.

 

Unique User Identification

A unique name and/or number is assigned for identifying and tracking user identity.

Emergency Access Procedure

For obtaining necessary PHI during an emergency.

Automatic Logoff

Procedures that terminate an electronic session after a predetermined time of inactivity.

Encryption and Decryption

Procedures both while data is being transferred and is at rest.

Audit Controls

To corroborate that PHI has not been altered or destroyed in an unauthorized manner.

Integrity Controls

To ensure that electronically transmitted PHI is not improperly modified without detection.

Verification Procedures

To ensure that a person or entity seeking access to PHI is authorized to do so.