IOD Incorporated, the leader in full-suite health information management (HIM) solutions for hospitals, healthcare systems and clinics, today announced it has successfully passed the American Institute of CPAs (AICPA) 2013 Service Organization Controls (SOC) 2 Type II Report without a single deviation. The purpose of the report is to provide third party credibility to service organizations, such as IOD, that operate information systems and provide information system services to other companies. This is a significant accomplishment for IOD, which processes four million medical records release requests annually, in addition to 500,000 charts for coding and abstraction, to healthcare organizations nationwide. By participating in the AICPA'S SOC audit process, IOD allows the controls they use to process clients' data to be evaluated from a protection and credibility standpoint.

The AICPA's SOC Report evaluates Five Trust Principles to determine appropriate controls are in place, which include:

  • Security: The system is protected against unauthorized access (both physical and logical)
  • Availability: The system is available for operation and use as committed or agreed
  • Processing integrity: System processing is complete, accurate, timely and authorized
  • Confidentiality: Information designated as confidential is protected as committed or agreed; and
  • Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity's privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA

As part of its continual effort to improve the processing integrity and security of its healthcare services operation, IOD nearly doubled the number of its internal controls reviewed by an external auditor in the 2013 report to 136 distinct controls. These identified controls are designed to ensure delivery of the highest service quality, while maintaining optimal data security and improving operational efficiency. The AICPA evaluated IOD's entire server and hosting infrastructure for the secure transmittal, retrieval and release of medical records and PHI across the company's lines of business, including its ROI workflow and transaction processing. Upon completing the evaluation, the auditor reported that no deviations were found in any of IOD's controls.

"This achievement is a direct result of the dedicated work of our 1,700 IOD employees and their commitment to providing the highest quality and most secure services to our customers," said George Abatjoglou, CEO of IOD. "By participating in the 2013 SOC Report, IOD is demonstrating its commitment to delivering a secure and reliable operation to our healthcare clients nationwide. In today's world of healthcare data breaches and cyber-attacks, we believe being an SOC 2 Type II Report organization is a minimum threshold any healthcare provider should require of its business partner, and we are proud to comply."

About IOD Incorporated

IOD, a leading health information management company with more than 30 years of industry experience, combines innovative technologies and services to streamline workflows, maximize productivity and reduce costs for hospitals, healthcare systems and clinics worldwide. As a result, nearly 2,000 healthcare organizations rely on IOD's PRISM® platform and supporting services to transform and deliver meaningful health information to the right people at the right time in the right format. To learn more about how IOD helps healthcare organizations achieve their operational and financial goals, visit http://www.iodedge.com

For IOD Incorporated
Dori Mendel, 770-998-0070
dmendel@dodgecommunications.com