As a developer of accounts receivable management software, we constantly work with sensitive information from our clients and their debtors. To ensure the billing and collection process runs smoothly, we need personal data from both the debtor and the creditor. When dealing with such sensitive information on an online platform, you want to be certain that the security of your platform is well managed in all areas. We achieve this by being very critical of our information management, but also by having it assessed. This includes planned tests that attempt to hack our systems, as well as external audits and generally recognized certifications.
ISO/IEC 27001:2013
A few years ago, we received this external recognition for our internal policy in the form of an ISO/IEC 27001:2013 certification. This is an international standard for an Information Security Management System (ISMS). The standard specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS, which in our case covers the Payt platform. With the ISO/IEC 27001:2013 certification, we can demonstrate and confidently state that our platform meets all requirements in the field of information security.
NEN 7510 specific to healthcare
NEN 7510 is a standard that, in addition to ISO 27001, sets requirements for information security specifically in healthcare. This is necessary because medical and patient data are processed in healthcare, for which ISO 27001 does not include specific guidelines and frameworks. Since we are currently very active in dental care and paramedical care, it is important for us that it is safe and legally correct to store and/or exchange patient data within our platform. We are proud to say that this is the case and that, in addition to the ISO/IEC 27001:2013 certification, we have also received the NEN 7510 certification. Therefore, our clients in healthcare can trust that we handle their patients’ data adequately and securely, both for those patients and for insurers. A NEN 7510 recognition is a prerequisite for submitting claims to insurers on behalf of healthcare organizations, known as clearing.
This way, we ensure that our clients not only get paid better and faster, but also that this happens in compliance with the requirements for appropriate information security. A good and safe idea!