vRad achieves SOC 2 Type II data security compliance

EDEN PRAIRIE, Minn.—June 14, 2022—Virtual Radiologic (vRad), the leading US teleradiology practice, announced today their achievement of SOC 2 Type II compliance.

System and Organization Controls (SOC) reporting is one of the best and most widely used methods of demonstrating adherence to effective information technology controls. While SOC 1 focuses on controls relevant to financial reporting, SOC 2 is for service providers that store, process, or transmit any kind of protected information. SOC 2 compliance requires evidence that systems are secure and can cover up to four additional “trust services criteria”— availability, processing integrity, confidentiality, and privacy. vRad’s audit focused on security and availability.

“In the face of increasingly sophisticated cyberattacks that threaten the data of all healthcare providers, vRad is continuously advancing our systems to predict, prevent, and respond to these threats. During the normal course of care delivery to our mutual patients, vRad shares a significant amount of protected data with our clients via integrated technology systems – prior reports, order information, studies, etc. We recognize the high level of trust they put in us to protect that information,” said Imad Nijim, vRad Chief Information Officer. 

SOC 2 Type II is a known and trusted framework used by security experts of major service providers across all sectors, including healthcare. Audits are conducted by an independent third party over an extended period time—up to 12 months—which avoids blind-spots that could be introduced in a single, snapshot audit. The extended audit approach of SOC 2 Type II allows vRad to demonstrate that key elements of our security program—process monitoring, encryption control, intrusion detection, user access, and disaster recovery—operate effectively over the long term. Maintaining a high level of security is integral to their operation and continued success in protecting data and building trust.