Operations Status:      Atlanta, GA        Phoenix, AZ       Richmond, VA
= 100% Operational         = Operating and releasing mail at reduced production levels     = No current production

Security & Privacy

DATAMATX SECURITY AND PRIVACY

DATAMATX makes the privacy and security of our customers’ data and our internal resources’ data of the highest priorities.  We have undergone the most rigorous compliance audits in the industry with independently validated reports on compliance for SOC1, Type 2, SOC 2, Type 2, FISMA/NIST 800-53/Pub.1075 and HITRUST CSF certified.

As a data custodian for client PHI, FTI, and PII, DATAMATX incorporates the strongest encryption policies to protect and continuously monitor all data and transactions.  Multiple firewalls and routers are in place to filter unauthorized inbound network traffic and deny connections not explicitly authorized and have a “deny all, allow by exception” policy.  The use of strong password policies with complexity, strength, MFA, and lock-outs strictly monitored and enforced.   The PCI and FISMA network segments have additional controls deployed for the protection and destruction of client-owned information categorized as Moderate impact.

DATAMATX undergoes qualified vulnerability penetration testing annually.

DATAMATX facilities incorporate monitored access control systems to secure exterior entrances and internal production areas associated with production or storage of sensitive information. DATAMATX employees are required to wear company-issued identification badges which include their name, picture, employee number, and security access code level.

DATAMATX has a rigorous Risk Assessment and Mitigation policy for identifying, assessing, and proactively mitigating risks and follows NIST guidelines and continuously monitors facility network and access.

HITRUST/HIPAA compliant

Datamatx is HITRUST CSF certified under the NIST Cybersecurity Framework v 1.0. Achieving this certification places DATAMATX among an elite group of organizations that have been able to meet the rigorous key compliance regulations and industry requirements for the security of protected health information (PHI). HITRUST CSF is the information protection framework for the health care industry for addressing rigorous HIPAA standards, as well providing a certifiable framework that includes, harmonizes and cross-references existing, globally recognized standards, regulations and business requirements—including HIPAA, HITECH, NIST, ISO, PCI, FTC, COBIT, CCPA, and GDPR.