ACPlus® Privacy, Security, and Compliance

ACPlus^® Security and Privacy

At ACP, we are deeply committed to safeguarding the security, confidentiality, integrity, and availability of the data entrusted to us—including protected health information (PHI/ePHI), sensitive client data, and confidential business information. Our security program is designed to meet the rigorous requirements of SOC 2 Type II and HIPAA compliance, ensuring that we uphold the highest standards for data protection, privacy, and operational resilience. Protecting our customers’ data is not just a responsibility—it is a core priority that drives every aspect of our technology, infrastructure, and organizational practices.

How ACPlus^® Protects and Monitors PHI

At ACPlus, protecting and securing customer data is our top priority. We employ a multi-layered security strategy that ensures data confidentiality, integrity, and compliance with industry standards. Our approach combines advanced encryption, proactive monitoring, and regular testing to safeguard sensitive information against threats. Key components of our security framework include:

• Redundant, Encrypted Cloud Storage – Customer data is stored on third-party cloud servers with full encryption for both data at rest and in transmission.
• Anonymized Data Handling – Stored data is encrypted and anonymized, ensuring that even if decrypted, it cannot be tied back to an individual. All ePHI is rendered unusable, unreadable, and inaccessible.
• Regulatory Compliance – Our solutions meet SOC 2 Type II and HIPAA compliance standards.
• Web Application Firewall (WAF) – Protects against web-based threats by filtering and monitoring HTTP(S) traffic, blocking common exploits at the application layer.
• Continuous Monitoring & Alerts – Advanced security policies within AWS monitor and correlate activity in real time, instantly detecting and alerting against abnormal or unauthorized behavior.
• Regular Penetration & Vulnerability Testing – Our security and DevOps teams perform weekly tests, while approved third-party vendors conduct bi-annual penetration testing, vulnerability assessments, and incident response exercises.
• Risk Management & Mitigation – Any vulnerabilities identified are reviewed by the IT team, remediated through change control processes, and tracked to ensure systems remain secure and up-to-date.

How ACPlus^® Prevents Data Loss

ACPlus uses the automated backup services that are fully managed and controlled by third-party cloud servers, allowing us to bring applications and tools back online quickly. The routine backup of the databases and servers are managed and performed daily (after every 24 hours).

The Business Continuity & Disaster Recovery Plan (BCDR) in place follows the standard HIPAA and HITRUST data backup guidelines.

ACPlus® Compliance and Goverance

ACPlus adheres to various industry standards and regulatory compliance frameworks, including SOC2 Type II, HIPAA, and ONC Health IT. For additional information work with the customer management and customer support teams to obtain the latest available SOC2 report.

ACPlus® Disclosures