Compliance & Security

Never resting, Bridge is always advancing its efforts to keep our clients' PHI and data safe.

Compliance and security take the highest priority at Bridge, and this is consistently the fastest-growing department in Bridge's business. We believe that compliance and security policies and procedures must be integrated into every aspect of the business. This is especially pronounced in how Bridge trains its staff, implements its technology, services its customers, develops and hosts its software, performs quality assurance, and audits its systems. Trust Bridge to take patient engagement to the next level, just as many of healthcare's most respected names have already done.

SOC 2

We're proud to have received SOC 2 certification, which is an auditing procedure that ensures third-party vendors such as SaaS and cloud computing providers securely manage your data and the privacy of your patients. Developed by the American Institute of CPAs, SOC 2 defines criteria for managing customer data based on five “trust service principles” — security, availability, processing integrity, confidentiality and privacy. For security-conscious organizations, SOC 2 compliance should be a minimal requirement when considering a SaaS provider.


ONC 2015 Edition Certification

Bridge Patient Portal v3 is certified by SLI, an Office of the National Coordinator-Authorized Certification Body (ONC-ACB) in accordance with the certification criteria adopted by the Secretary of Health and Human Services (HHS). The portal helps provider groups meet requirements for MIPS, MACRA, and Stage 3 Meaningful Use programs. Bridge also complies with the USCDI data set and the CURES Act.


HIPAA

Bridge is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which defines privacy and security guidelines and standards for the healthcare industry. Besides HIPAA being part of Bridge's culture, Bridge's business practices are audited annually by a third party (Compliancy Group), and its systems are audited even more frequently.


PCI Compliance

Bridge applies PCI cybersecurity guidelines in its development and infrastructure. As a best practice, Bridge never hosts, transmits, or stores credit card information. Instead, Bridge uses payment gateway partners for all credit card processing.


TLS Encryption and Certificates

Bridge applies strong encryption in transit, regularly updating its configurations according to NIST recommendations on TLS versions and on the usage of strong cipher suites, in EVERYTHING we do.


Next Generation Firewalls

Bridge uses various next-generation firewalls to perform deep packet inspection (DPI) on all communications. Bridge Patient Portal also uses web application firewalls (WAFs) with custom rulesets and other advanced Cloudflare services.


Hosting

Bridge exclusively uses Amazon Web Services and Google Cloud Platform for application hosting and exclusively uses the HIPAA-compliant cloud services of both cloud hosting providers.

