PRC’s Security Program
PRC maintains a comprehensive information security and privacy program to protect information assets, confidential information, and Protected Health Information (PHI) from accidental or unauthorized access, modification, destruction, or denial of use. Security controls are sufficient to ensure the confidentiality, availability, privacy, reliability, and integrity of our partners’ data and compliance with all regulations concerning the Health Insurance Portability and Accountability Act (HIPAA). The PRC Board-designated Compliance, Security & Safety Committee oversees the security program and PRC’s compliance with its security policies and applicable regulations.
PRC’s security program and policies are based on the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF). The CSF incorporates the requirements of applicable standards bodies and regulations including NIST, ISO, CIS, COBIT, CMS, FISMA, HIPAA, and HITECH. HITRUST also includes internal controls covering the Trust Service Principles Framework for security, availability and confidentiality of client data managed by service organizations required by the Statement on Standards for Attestation Engagements 18 (SSAE 18), Service Organization Controls (SOC) 2 put forth by the AICPA.
The scope of the program includes applicable security requirement statements covering nineteen security domains required to meet HITRUST Certification.
The security of the data entrusted to us by our clients is the highest priority for PRC. To assure clients that PRC maintains an effective information security program, PRC has third-party assessments performed annually to validate that compliance objectives are met regarding our policies, controls, and safeguards to protect customer data. PRC has aligned to the AICPA SSAE 18 System and Organization Controls and has undergone an evaluation by a qualified independent assessor against the common criteria of the SOC 2 Type II Trust Principles for Security, Availability and Confidentiality as well as additional HITRUST controls. A SOC 2 Type II + HITRUST assessment report was created from the audit against these principles and controls. PRC is pleased to share the SOC 2 Type II + HITRUST report with customers under agreement. Additionally, a SOC 3 + HITRUST report, which is a summary of the SOC 2 Type II + HITRUST report, is available to other parties and prospective clients not yet under contract. To obtain a copy of either report, please contact your sales representative or email [email protected].
In general, you may visit our website without providing us with any personal information. However, we may collect information from you in several ways, including but not limited to, the following:
- You may choose to complete certain response forms to register for an event or to request additional product information. Through these response forms you may be asked or required to submit your name, email address, phone number, title, employer and address.
- The information we collect includes IP (Internet Protocol) address, browser type, operating system, ISP (Internet Service Provider), time stamps, and other similar types of data. We use the information collected to track and analyze usage and volume statistics, including page requests and form requests. This information may also be used to provide technical support or improve the services we provide to customers.
- We may also collect personal data provided as part of an order for services, or through registration or completion of forms or e-mails.
- You may provide additional information by participating in optional online surveys presented by PRC or on behalf of a healthcare system or other organization. PRC uses the information collected to respond to your requests for information, to manage events and to analyze use of our website.
In using the information we collect, PRC abides by the following principles:
- We require any person or organization providing products or services on our behalf to agree to maintain the confidentiality of the information we or they collect from you.
- We will not sell or otherwise provide your individually identifiable information to any third party without your consent, unless legally required to do so.
- We may use your individually identifiable information, including contact information, in other ways including providing you with unrequested information and offers via email, phone or physical mail.
Any information you provide will be used for authorized purposes only. We will not sell or otherwise provide this information to third parties without your consent, unless we are legally required to do so.
If you have any questions about this privacy statement, the practices of the website(s), or your dealings with the website(s), please email [email protected]. You may also send a letter to:
Professional Research Consultants, Inc.
ATTN: Chief Information Security and Privacy Officer
11326 P Street
Omaha, NE 68137
The website(s) are created, owned, and controlled by, and are the exclusive copyright of, Professional Research Consultants, Inc. unless otherwise stated. Unauthorized use of content or materials from the website(s) is prohibited. This Policy and the use of the services are governed by Nebraska law. Any claim related to this Policy shall be brought in a court of competent jurisdiction located in Douglas County, Omaha, Nebraska or the United States District Court for the District of Nebraska. You hereby consent and submit to the personal jurisdiction of any such court and waive any objection as to the venue of those courts as the most convenient and appropriate for the resolution of disputes concerning this Policy.
Latest update May 2022.