MRO’s ROI software is HITRUST CSF® Certified and audited to verify it meets stringent SOC 2 Type II Privacy and Security Controls.
HITRUST CSF Certified
As one of the first release of information platforms to achieve HITRUST CSF Certified status for information security, MRO strives to continually exceed the complex compliance and security requirements. The certified status demonstrates that ROI Online has met specific regulations and industry-defined requirements and is appropriately managing risk. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
AICPA Service Organization Control 2 (SOC 2) Type II
MRO completed the AICPA Service Organization Control 2, also known as SOC 2 Type II audit, demonstrating compliance with strict information privacy and security standards. The audit report covers MRO’s production facilities, business processes and flagship ROI Online® PHI disclosure management platform. Results verify that MRO’s policies and strategies satisfactorily protect client data and fully meet stringent SOC 2 standards.
The SOC 2 framework includes five sections, forming a set of criteria called the trust services principles: security, integrity, availability, privacy and confidentiality.
The rigorous SOC 2 audit process, combined with achieving the HITRUST CSF certification, showcases MRO’s commitment to the core mission—to disclose the correct PHI to the proper requester, each and every time.
Certified Health Information Handler
As a certified Health Information Handler (HIH), and a designated technology services provider of the Social Security Administration (SSA) and the Centers for Medicare & Medicaid Services (CMS), MRO enables healthcare organizations of all sizes to electronically exchange information with both agencies, helping clients to improve financial performance, enhance efficiency and drive compliance.
MRO’s interface with the CMS esMD gateway enables access with the following auditors:
- Medicare Recovery Auditors (formerly called RACs)
- Medicare Administrative Contractors (MACs)
- Comprehensive Error Testing Contactors (CERTs)
- Payment Error Rate Measurement Contractors (PERMs)