Information security has always been a part and parcel of the American Medical Billing Industry. With the HIPAA Omnibus rule making amendments to the privacy and security provisions of HIPAA, security requirements have become more complex necessitating the need for stringent controls in order to provide the most sophisticated levels of information security.



VRCM has implemented Information Security Management System (ISMS) designed in accordance with ISO 27001:2013 standards, an approach towards mitigating information breach. VRCM has identified appropriate security protocols for the enormous amount of electronic data and protected health information that the company handles on a daily basis. Compliance with ISO 27001:2013 has provided the company a platform to further support the levels of security guaranteed by HIPAA.


Our ISMS is backed by state of the art network infrastructure reinforced with highest levels of security solutions. Employees at VRCM undergo a rigorous awareness and training program on the importance of information security and commitment towards protecting patient information. We have also taken utmost care to implement policies in line with information security in order to safeguard information assets and instill confidence in our clients.


VRCM is now SSAE16 Type II Certified

VRCM has been certified as SSAE16 SOC2 Type II compliant, VRCM successfully completed its Service Organization Controls (SOC) 2 Type II examination. The examination, conducted by independent accounting and auditing firm TUV RHEINLAND, evaluated the processes, procedures and controls for security, availability and confidentiality at VRCM’s facilities. SOC 2 certification assures VRCM customers that the company has effective operational controls and meets audit levels for data protection and availability.