Security and Compliance Are at the Heart of Patientco

Patientco is dedicated to meeting the security and compliance needs of our clients in order to process electronic transactions in healthcare, process payments and move healthcare data seamlessly. Patientco is independently certified and audited annually for both healthcare and payment processing.

Patientco’s Infrastructure

Patientco’s infrastructure is developed to be geographically redundant and highly available. We have built our systems to withstand and detect malicious attacks and to scale to your organization’s needs. We serve organizations of all sizes ranging from solo practitioners to national healthcare systems. Each healthcare provider’s data lives within our SOC 2 Type 2 and PCI DSS Level 1 certified cloud infrastructure, which protects all data at rest and in transit throughout all phases of processing and the data lifecycle.

Security and Compliance Program and Certifications

Patientco has implemented a cross-functional, enterprise-wide Information Risk Management program based on the ISO 27001 standard for information security management. We are certified and compliant with the following organizations and regulatory groups.

HFMA Peer Reviewed

Patientco has achieved HFMA Peer Review designation. HFMA’s Peer Review program gives healthcare financial executives an objective, third-party evaluation of business solutions used by health systems. To achieve this designation, Patientco was assessed by HFMA’s legal team, which involved a review of our HIPAA privacy and security compliance posture.

HIPAA Compliant

Patientco is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which defines privacy and security guidelines and standards for the healthcare industry, and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, which supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate HIPAA Privacy and Security Rules.


NACHA Compliant

Patientco is compliant with the National Automated Clearing House Association (NACHA) Operating Rules, which determine the legal framework for the ACH Network. NACHA is the not-for-profit association that manages the development, administration and governance of the ACH Network.

PCI DSS Level 1 Certified

Patientco is certified as a Level One Service Provider with the Payment Card Industry Data Security Standard (PCI DSS) and undergoes annual recertification and independent audit to ensure the continued operation of controls and safeguards to protect payment processing data.


SSAE18 SOC 2 Type II Compliant

Patientco has completed the Statement on Standards for Attestation Engagements (SSAE) No. 18 SOC 2 Type II, “Reporting on Controls at a Service Organization.” These standards are issued and governed by the American Institute of Certified Public Accountants (AICPA).

Contacting the Security and Compliance Team

If you have questions or concerns related to security or compliance, please send us a confidential message using the contact form below. Patientco clients should submit questions and feedback through their designated Patientco resources, not this contact form.

All submissions will be treated as confidential.