Security & Compliance You Can Trust
At One Mnet Health, protecting your patients' data is not just a priority, it's fundamental to everything we do. Providers trust us with their most sensitive information, and we take that responsibility seriously. From clinical to financial, everything we deliver is built on a foundation of enterprise-grade security, rigorous compliance standards, and continuous monitoring.
Our Trust Commitments
HIPAA/HITECH Aligned
Our platform is built with administrative, physical, and technical safeguards aligned with the HIPAA Security Rule and HITECH Act. These controls are periodically reviewed and assessed by independent third parties, and we support HIPAA compliant use through documented policies, security controls, and Business Associate Agreements.
PCI DSS Validated
Our solutions are designed and operated to support compliance with the Payment Card Industry Data Security Standard (PCI DSS). We undergo regular assessments and maintain validation appropriate to our PCI scope, providing customers assurance that cardholder data is protected using industry standard security controls.
TCPA Aligned
Our patient communication practices align with the Telephone Consumer Protection Act (TCPA). We obtain appropriate patient consent, contact patients only within approved time windows, maintain strong logging and auditability, and support compliant opt out processes to ensure patient communication preferences are respected.
FDCPA Aligned
Our patient billing and collections processes align with the Fair Debt Collection Practices Act (FDCPA), ensuring ethical and compliant practices when we communicate with patients about outstanding balances. We maintain respectful collection practices that protect patient rights while supporting facility revenue goals.
State Collection Laws Compliance
Our patient billing and collections services comply with state-specific collection laws across all jurisdictions where we operate. We also maintain up-to-date knowledge of varying state regulations that govern collection practices. Whether managing early-out accounts or those that have been written off to bad debt, we ensure our processes meet each state's unique legal requirements while maintaining ethical collection practices.
State Consumer Privacy Laws Compliance
We comply with state consumer privacy laws, such as the California Consumer Privacy Act (CCPA) and other applicable state privacy regulations. Our data handling practices respect patient privacy rights, including the right to access, correct, and request deletion of personal information where applicable under state law.
Our Security Practices
One Mnet Health uses a layered protection strategy focused on prevention, detection, response and recovery.
Encryption at Every Level
All customer data is encrypted both in transit (using HTTPS/TLS) and at rest (using AES 256-bit encryption or stronger). This ensures Protected Health Information remains confidential whether it is being transmitted between your facility and our servers or stored in our databases.
Continious Monitoring
Our 24/7 Security Operations Center uses advanced monitoring tools (next-generation antivirus, cloud monitoring, SIEM, intrusion detection, and extended detection and response) to identify and respond to suspicious activity before it impacts your data.
Secure Authentication and Access Control
One Mnet Health supports multi-factor authentication and single sign-on which gives you control over authentication requirements to match your facility's security policies.
Periodic Penetration Testing
We regularly engage independent security firms for penetration testing and use automated tools for continuous application security scanning, and vulnerability detection. This layered approach identifies potential weaknesses early so we can address them quickly.
Secure and Reliable Infrastructure
Our platform runs on secure cloud instracture with built-in redundancy and robust protections:
- Hosted in hardened environments by top cloud service providers
- Network segmentation and firewalls
- Resiliency across availability zones
- Regular backups and disaster recovery planning
Responsible Vulnerability Disclosure Policy
One Mnet Health uses a layered protection strategy focused on prevention, detection, response and recovery.
This policy is for security researchers who want to report potential vulnerabilities to One Mnet Health. For sales, support, or other inquiries, please use our Contact Us page.
One Mnet Health does not permit security testing, scanning, or vulnerability assessments of our systems without prior written authorization.
If you discover a potential security vulnerability, please contact security@onemnethealth.com as soon as possible and avoid public disclosure until we’ve resolved the issue. Our security team will review your report, and if we confirm it as a vulnerability, we’ll work to address it based on the severity.