Security & Compliance
Your data security and patient privacy are core to how we operate. As a healthcare-focused organization, we follow strict security and compliance standards designed to protect sensitive information at every step.
SOC 2 Type II Certified
NY Best Medical has successfully completed its SOC 2 Type II audit. This independent certification verifies that our internal controls across five Trust Services Criteria operate effectively over time:
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
SOC 2 Type II certification confirms that our systems, policies, and infrastructure consistently meet industry-leading security requirements and are subject to continuous monitoring and improvement.
Audited By
Johanson Group LLP — an independent CPA firm specializing in SOC assessments.
HIPAA Compliant
NY Best Medical adheres to the HIPAA Privacy Rule and the HIPAA Security Rule, ensuring the protection of PHI (Protected Health Information) across all services and internal operations.
We maintain administrative, technical, and physical safeguards aligned with federal healthcare requirements.
Safeguards We Maintain
- Access controls and identity verification
- Encryption of data at rest and in transit
- Secure storage and disposal of PHI
- Continuous monitoring and system logging
- Workforce training on HIPAA and privacy practices
- Incident detection and response procedures
- Business Associate Agreements (BAAs) with all vendors that may access PHI
Our HIPAA compliance ensures that sensitive medical information is handled with the highest level of confidentiality and care.
What We Consider PHI (Protected Health Information)
Protected Health Information (PHI) includes any information that can identify a patient and relates to their health, care, or payment for care. This may include:
- Medical history, conditions, and treatment information
- Diagnosis and clinical notes
- Appointments and care plans
- Insurance and billing details
- Contact information linked to medical records (name, email, phone, date of birth, etc.)
We treat all PHI with strict confidentiality and handle it only as permitted under federal healthcare regulations.
How We Protect Your Data
NY Best Medical uses industry-standard security practices to protect both PHI and other sensitive information.
Technical Safeguards
- Encryption of data in transit and at rest
- Role-based access control and authentication
- Network protections and firewalls
- Secure cloud infrastructure with restricted access
- Continuous system monitoring and audit logging
- Regular penetration testing and vulnerability assessments
Administrative Safeguards
- Annual HIPAA and security training for all staff
- Defined access policies based on job role
- Vendor management and BAA enforcement
- Regular internal audits and compliance reviews
- Documented data-handling and retention policies
Physical Safeguards
- Secure facilities and protected devices
- Controlled access to areas where PHI is stored
- Secure workstation and device usage practices
- Proper disposal and destruction of sensitive data
Infrastructure & Availability
NY Best Medical is built on secure, cloud-based infrastructure designed for reliability, scalability, and resilience. Our goal is to ensure that critical healthcare services remain available when they are needed most.
- Redundant infrastructure and regular backups for critical systems
- Geographically distributed resources to reduce single points of failure
- Strict physical and environmental controls in data centers
- Ongoing performance and availability monitoring
We continuously review our infrastructure to improve reliability, minimize downtime, and support business continuity in healthcare settings.
Application & Access Security
Our applications are designed with security in mind from the ground up. We apply best practices in software development, access control, and data handling to reduce risk and protect both PHI and other sensitive information.
Secure Application Practices
- All connections use modern TLS encryption (HTTPS-only)
- Adherence to secure coding practices and regular code reviews
- Periodic security testing and vulnerability assessments
- Protection against common web threats (e.g., injection, XSS, CSRF)
Access Control
- Role-based access control aligned with job responsibilities
- Principle of least privilege for internal and external access
- Strong authentication requirements for internal systems
- Audit logging for key actions and administrative activities
Your Rights Under HIPAA
Patients have specific rights regarding their Protected Health Information. Subject to applicable laws, you may:
- Request access to your PHI
- Request corrections to your PHI
- Request restrictions on how your data is used or shared
- Request an accounting of certain disclosures
- Request confidential communication methods
- File a complaint if you believe your privacy rights have been violated
To submit a request related to your PHI or privacy rights, please contact our Security Team at security@nybestmedical.com.
Our Commitment
Data protection isn’t a checkbox for us — it’s a continuous responsibility. We invest in secure infrastructure, audit regularly, and improve every aspect of our security posture to support safe, compliant healthcare operations.
Contact Our Security Team
If you have questions about our security practices or need documentation for vendor assessments, please contact us at security@nybestmedical.com.