Trust Center
Introduction
ElevatePFS is compliant with SOC, NIST CSF, and HIPAA regulatory requirements.
Overview of Security Program and Commitments
| SOC 1 Type 2 Report for Patient Responsibility Services | Security Controls | AVP, Self-Pay Operations, CO |
| SOC 2 Type 2 Evidence for all Access Control Tests | Policies and procedures to manage access to information & systems | For evidence not automatically collected by GRC system integrations, Sr. Director of Information Security, Sr. Director of Infrastructure, Director of Compliance |
| SOC 2 Type 2 Evidence for all Encryption Tests | Guidelines for using cryptographic controls to protect information. | |
| SOC 2 Type 2 Evidence for PHY Evidence Tests | Measures to protect physical assets and facilities | |
| SOC 2 Type 2 Evidence for Incident Management Test | Processes for managing information security incidents effectively. | |
| HIPAA Framework | Fraud Enforcement and Other Standards | Director of Compliance, Asst General Counsel |
| NIST Cybersecurity Framework (NIST CSF 2.0) | Six CSF Core Functions | Asst General Counsel, Director of Compliance, Information Security Officer (ISO), Chief Information Officer (CIO) |
| NIST Cybersecurity Framework (NIST CSF 2.0) | CSF Organizational Profiles |
TC22026