Press release

Medac Achieves SOC 2 Compliance, Completes Successful HIPAA Risk Assessment

Sponsored by Businesswire

Medac, a leading provider of anesthesia revenue cycle management, today announced the successful completion of its fourth consecutive SOC 2 Type 2 examination and HIPAA risk assessment.

For their engagement, Medac was measured against the AICPA Trust Services Criteria for Security, Availability, Processing Integrity and Confidentiality, as well as applicable HIPAA Privacy, Security and Breach Notification rules.

The SOC 2 Type 2 examination reviewed the effectiveness of the company’s controls over a period of time, while the HIPAA risk assessment ensured that the company follows appropriate procedures for storing, processing, and handling their clients’ protected health information (PHI).

The HIPAA risk assessment is “a requirement under the law and an industry standard that, if used properly, can help identify and treat risks many healthcare organizations face today,” noted Bryan Hemerka, National Director of Information Security at Medac, while “SOC 2 Type 2 reports are designed to give Medac and its customers peace-of-mind around the operating effectiveness of the internal controls Medac employs to safeguard customer data and PHI.”

Collectively, these efforts demonstrate a substantially higher level of assurance and operational visibility than organizations that have not undergone these assessments. Anesthesia providers who need to entrust Medac with their data can do so with confidence that the information will be appropriately protected.

By working with the same team for both engagements, Medac was able to streamline the entire process.

360 Advanced’s “ability to perform collaboratively with us” was a major differentiator, explained Hemerka.

The integrated approach allowed them to reduce the demands on their internal team, while gaining a more holistic evaluation of their security posture.

About Medac

Medac is one of the nation’s largest anesthesia revenue cycle management companies, dedicated exclusively to anesthesia and pain management. Medac’s revenue cycle management services are designed to assist clients with the business management functions associated with the delivery of anesthesia services—in particular, the billing and collection functions—thereby permitting providers and facilities to focus on providing quality medical services to their patients. Medac’s quality, results-oriented commitment to clients provides the most comprehensive and personalized service possible while optimizing reimbursement.

For more information, please visit

About 360 Advanced

360 Advanced is “Making Better Businesses” through their national Cybersecurity and Compliance offerings. Services provided include SOC 1, SOC 2, SOC 3, SOC for Cybersecurity, CSA STAR, HIPAA/HITECH, ISO 27001, PCI-DSS, HITRUST CSF, Microsoft SSPA Attestation, Penetration Testing, GDPR, CCPA and more. In certain states, 360 Advanced may operate under the name of Hiestand, Brand, Loughran, P.A. to meet State Board of Accountancy requirements. To learn more about 360 Advanced, visit

For more information on compliance solutions, contact Jim Brennan at