PDHI products and services comply with the following standards and laws concerning privacy, security, usability, delegation, and regulations.
HITRUST CSF Certification
The ConXus Platform has earned HITRUST Common Security Framework (CSF) certification from the HITRUST Alliance’s CSF Assurance Program for data security and protection of protected health information (PHI). The CSF includes federal and state regulations, standards, and frameworks such as HIPAA, NIST, ISO, and COBIT.
The CSF Assurance Program provides healthcare organizations and their business associates with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. For non-healthcare organizations with active GRC programs (governance, risk, compliance under Sarbanes-Oxley and other state privacy regulations), HITRUST CSF is mapped to the NIST Cybersecurity Framework.
CSF certification designates that an organization meets all the certification requirements of the CSF, and it is valid for 2 years from the certification date. CSF certification requires:
- Completion of an assessment questionnaire to identify security controls, resources, and tools utilized
- Submission of supporting documentation and evidence for each control
- Onsite testing and report preparation by an approved CSF assessor
- HITRUST review and validation
The benefits to clients and prospects of our platform’s HITRUST certification include:
- Independent verification that we meet the healthcare industry’s highest standards in protecting healthcare information and mitigating the associated risk
- Removal of an administrative burden and associated costs for organizations that conduct a formal vendor risk-management process
- Significant reductions in time and effort should a client apply for HITRUST certification
Certified Data Centers
The ConXus Platform is hosted on Microsoft Azure, a comprehensive set of cloud services. Azure provides highly scalable, reliable, and secure hosting from multiple data centers across the United States.
Azure is certified to the Health Information Trust Alliance Common Security Framework (HITRUST CSF). Azure also complies with Service Organization Controls standards for operational security (SOC 2 and SOC 3).
ConXus Profile (health risk assessment) and ConXus Steps (self-management tools) have received Wellness and Health Promotion (WHP) certification from the National Committee for Quality Assurance (NCQA).
Health plans using ConXus modules receive automatic credit when undergoing NCQA Health Plan Accreditation for the following standards:
- 2017 MEM 1: Health Appraisals and MEM 2: Self-Management
- 2018 PHM 4: Wellness and Prevention, Elements A-K
Wellness service providers using ConXus modules receive automatic credit for health appraisals (WHP 5) and self-management tools (WHP 7) when undergoing NCQA Wellness and Health Promotion Accreditation.
FDR Medicare Compliance
PDHI qualifies as a first tier, downstream, or related entity (FDR) for clients operating as Medicare Advantage organizations.
To complete annual FDR attestation, PDHI complies with the following requirements:
- Distribution of our code of conduct within 90 days of hiring or contracting and annually thereafter
- Completion of CMS Medicare Parts C & D Fraud, Waste, and Abuse and General Compliance Training within 90 days of hiring or contracting and annually thereafter
- Review of federal-level exclusion lists (DHHS-OIG List of Excluded Individuals and Entities and GSA System for Award Management) prior to hiring or contracting with any individual or entity, and monthly thereafter to ensure that none are excluded from participating in federal healthcare programs
National CLAS Standards
PDHI follows the National Culturally and Linguistically Appropriate Services (CLAS) Standards in Health and Health Care published by the Office of Minority Health, US Department of Health and Human Services.
The National CLAS Standards are intended to advance health equity, improve quality, and help eliminate healthcare disparities by providing a blueprint for individuals and health and healthcare organizations to implement culturally and linguistically appropriate services.
Text and images used in the PDHI health risk assessment and self-management tools are designed to be understandable by and respectful of all users, regardless of age, gender, education, and socioeconomic background.