MSP Recovery Is Compliant In Trust + Service Principles In System Organization Controls (soc)2

MSP Recovery, LLC, a leading Medicare and Medicaid Secondary Payer Act recovery specialist, today announced that it has successfully completed a System Organization Controls (SOC) 2® Type I Audit examination for their Secondary Payer Recovery Services System. MSP retained international business advisory firm Skoda Minotti for its SOC 2® audit work. MSP selected Skoda Minotti after an intensive search based on their reputation as a leading risk advisory and compliance firm.

Ben Osbrach, CISA, CISSP, CICP, CCSFP, QSA, partner-in-charge of Skoda Minotti’s risk advisory group says, “We were excited to work with MSP from the very start. They are an intriguing organization delivering high quality services and their business adds to our growing SOC reporting practice.”

SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 320, Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting and based on the trust service principles outlined in the AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. The SOC 2® Type I report is performed by an independent auditing firm and is intended to provide an understanding of the service organization’s suitability of the design of its internal controls. A service organization may select any or all of the trust service principles applicable to their business and MSP chose to report on security, processing integrity, and confidentiality. The successful completion of this voluntary engagement illustrates MSP’s ongoing commitment to create and maintain a secure operating environment for their clients’ confidential data.

Skoda Minotti’s testing of MSP’s controls included examination of their policies and procedures regarding network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery, and other critical operational areas of their business. Upon completion of the audit, MSP received a Service Auditor’s Report with an unqualified opinion demonstrating that their policies, procedures, and infrastructure meet or exceed the stringent SOC 2® criteria for security, processing integrity, and confidentiality.

“The successful completion of our SOC 2® Type I examination audit provides MSP’s clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line industry standards and best practices,” said Gino Moreno, Chief Compliance Officer.

About – MSP Recovery, LLC

MSP Recovery, LLC is a leading Medicare and Medicaid Secondary Payer Act recovery specialist servicing HMOs, MSOs, and IPAs. With its multi-level structure, MSP, through its proprietary software and highly trained staff of IT personnel, accountants, statisticians, physicians, data analysts, and attorneys, analyzes and pursues payment for claims for which another third-party payer may have been liable.

MSP clients assign the rights to recovery on their claims as they pertain to:

Secured Claims – claims for which a payment is required pursuant to an insurance agreement whereby either the terms of the policy and/or by statutory requirement, the insurer is required to pay for medical services before any other available sources of payment.
Unsecured Claims – claims for which there is either no contractual obligation to be a primary payer or where the primary payer has paid the limits of its contractual obligation.
For more information about MSP, please visit their website at

About – Skoda Minotti

Skoda Minotti is a Certified Public Accounting Firm based in Cleveland, OH offering a variety of tax, finance, and business advisory services in virtually every area of business. The Risk Advisory practice specializes in SOC Reporting, PCI DSS Compliance, FISMA, NIST, and other regulatory information security assessments. Staff in Skoda Minotti’s Risk Advisory hold several industry certifications including Certified Information Systems Auditor (CISSA), Certified Information Systems Security Professional (CISSP), Qualified Security Assessor (QSA), GIAC Penetrations Tester (GPEN), and GIAC Web Application Penetration Tester (GWAPT). For more information about Skoda Minotti’s Risk Advisory Services, please visit

About the author