Patient privacy and data security is native to everything we do

All CirrusMD technology, clinical and business processes, engineering development, and delivery protocols are built with integrated security and compliance at their core.

virtual care security and HIPAA compliance

NCQA Accredited

The National Committee for Quality Assurance (NCQA) is an independent organization focused on improving health care quality through the administration of evidence-based standards, measures, programs, and accreditation.

ISO 27001 Certified

The world’s best-known standard for information security management systems (ISMS) and their requirements. 

FedRAMP Authorization “In Process”

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

HIPAA Compliant

CirrusMD has developed an enterprise security program that aligns with NIST, ISO, and OWASP frameworks, and maintains active business agreements with all partners to comply with Health Insurance Portability and Accountability Act (HIPAA) regulations.

We're health data defenders

ISO 27001 Certified

The International Organization for Standardization (ISO) is an independent, non-governmental organization with a membership of 167 national standards bodies. CirrusMD has achieved  ISO/IEC 27001:2013 certification, the world’s best-known standard for information security management systems (ISMS) and their requirements. 

Attaining this certification allows CirrusMD to manage the confidentiality, integrity, and availability of critical assets, including  sensitive customer information (PHI/PII), intellectual property, employee data, and information entrusted by third parties.

LEARN MORE
HIPAA compliant virtual care

HIPAA Compliant

CirrusMD has developed an enterprise security program that aligns with NIST, ISO, and OWASP frameworks, and maintains active business agreements (BAAs) with all partners to comply with Health Insurance Portability and Accountability Act (HIPAA) regulations. 

CirrusMD performs routine training and self-assessments on data handling, privacy, and security safeguards to ensure HIPAA compliance is continuously monitored and updated.

FEDRamp Authorization in process

FedRAMP Authorization “In Process”

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 

CirrusMD’s authorization  for FedRAMP Moderate is “In Process” through partnership with the United States Department of Veteran Affairs. Currently, CirrusMD delivers access to healthcare services to millions of Veterans throughout the United States, Puerto Rico and the U.S. Virgin Islands. Once FedRAMP Authorization is achieved, government-wide agencies and organizations will be able to rapidly adopt our integrated virtual care platform knowing that we are a trusted and secure partner.

LEARN MORE
NCQA Accredited

NCQA Accredited

The National Committee for Quality Assurance (NCQA) is an independent organization focused on improving health care quality through the administration of evidence-based standards, measures, programs, and accreditation. The CirrusMD Provider Network is accredited by the NCQA in Credentialing, a comprehensive program that evaluates the operations of organizations, which include verifying practitioner credentials, designating credentialing-committee review of practitioners and monitoring practitioner sanctions.

Based on this accreditation, health plans working with CirrusMD can delegate all credentialing functions to the CMDPN, in turn streamlining the process of delivering virtual care services to health plan members in all 50 states.

LEARN MORE

CirrusMD Successfully Completes SOC 2 Audit

A SOC 2 Type 2 audit aims to assure stakeholders that a service organization not only has appropriate security measures in place, but also effectively implements and maintains them over time. This is not a compliance checkbox; instead it is a strong indicator of an organization's commitment to upholding high levels of security and data protection over an extended time period. Completing this audit is a reflection of CirrusMD’s proactive approach to managing risk, underscoring a dedication to maintaining a secure and reliable service.

LEARN MORE