NBS has successfully completed SSAE 18 SOC 1 and SOC 2 examinations for third party attestation of internal control by an independent service auditor firm. NBS first underwent this process in 2008 and has continued to undergo the SOC examination process annually, as part of its commitment to the security, availability and processing integrity of data and systems. NBS’s SOC 1 and SOC 2 examinations are Type II, examining the suitability of the design of NBS's controls, as well as their effectiveness over a period of time.
The American Institute of Certified Public Accountants (AICPA) has designed the SOC suite of services for reporting on internal control at a service organization to assist users with identifying and addressing risk associated with the service organization’s service or system. (www.aicpa.org/soc).
Additional information on SSAE 16 and Service Organization Control reports can be viewed at the AICPA's new web page (www.aicpa.org/soc).
The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes.