DME providers handle sensitive data on every single claim: patient demographics, physician documentation, insurance information, and Protected Health Information (PHI). At the same time, reimbursement rules under CMS are constantly shifting, which makes the accuracy and security of your billing platform a business-critical concern.
That’s why we pursued SOC 2 certification for TrueSight, MedBill’s proprietary DME billing platform. TrueSight is now SOC 2 certified, independently audited and verified by a qualified third-party firm. Here’s what that means and why it matters for your operation.
What is SOC 2 Certification?
SOC 2 certification defines standards, called Trust Service Criteria, that a software company’s systems must meet before an independent auditor will issue a certification.
There are five Trust Service Criteria:
- Security: protection against unauthorized access and threats
- Availability: system uptime and reliability
- Processing Integrity: accurate, complete, and error-free data processing
- Confidentiality: controls over how sensitive data is stored and shared
- Privacy: management of personal information
Companies don’t have to pursue all five. Earning any of them requires documented controls, consistent processes, and a review conducted by a qualified external auditor, not a self-assessment.
SOC 2 Type I vs. Type II: What’s the Difference?
There are two levels of SOC 2 certification, and they measure different things.
- SOC 2 Type I evaluates whether the right controls and safeguards are formally in place at a specific point in time.
- SOC 2 Type II evaluates whether those controls actually work, consistently and effectively, over an extended period of time, typically 90 days or more.
TrueSight has pursued both Type I and Type II certifications, which means our controls have been evaluated not just for design but for real-world, sustained performance.
Which Criteria Did TrueSight Pursue?
TrueSight earned SOC 2 certification across four of the five Trust Service Criteria: Security, Availability, Confidentiality, and Processing Integrity.
Most DME billing software vendors that hold a SOC 2 certification are certified for Security only, the baseline requirement. TrueSight went further by including Processing Integrity.
Processing Integrity means the system processes your data accurately, completely, and without error. In billing terms: what goes into TrueSight is what comes out. Every transaction is traceable. Your accounts receivable records are complete and accountable from beginning balance to ending balance.
For a platform that manages your entire revenue cycle, that’s not a nice-to-have. It’s the standard your software should be held to.
What This Means If You’re Already a TrueSight User
Your day-to-day workflows won’t change. SOC 2 certification is an independent verification of how the system is built and operates.
What does change is what you can say with confidence about the platform running your billing operation: that it has been reviewed by an independent third party and verified to protect your data and process it accurately.
For business owners using TrueSight data to make forecasting and planning decisions, that second part is especially significant.
Built for One of Healthcare’s Most Compliance-Heavy Environments
DME providers operate in one of the most documentation-intensive, audit-sensitive corners of healthcare. CMS documentation requirements, payer audits, and OIG oversight mean the margin for error in billing data is essentially zero.
TrueSight’s SOC 2 certification is independent assurance that the platform is built to meet that standard, not just by our own assessment but by an external auditor’s.
If you have questions about what this means for your organization, or want to request a copy of our SOC 2 report, reach out to the MedBill team or visit our Security & Compliance page.