SOC 2 Certified DME Billing Software: Audit-Ready. Trustworthy.

Choosing DME billing software is a big decision. SOC 2 certified means we’ve answered the hard security questions for you.

TrueSight by Medbill is SOC 2 certified: independently audited and verified by a third-party firm across service criteria, so you can entrust your DME billing operation to it without hesitation.

Built for the Compliance Demands of DME Billing

When billing software has gaps, you feel them in your cash flow, in your reporting, and sometimes in an audit you weren’t ready for.

Most conversations about software security stop at keeping unauthorized people out. For you and your billing platform, that’s only half the question. The other half is: can the software prove that the data it processes is accurate, complete, and fully traceable?

Our SOC 2 Certification Answers, “YES.”

SOC 2 Certified Across Four Trust Service Criteria

SOC 2 is a framework developed by the American Institute of Certified Public Accountants (AICPA). It defines specific standards, called Trust Service Criteria, that a software company’s systems must meet before a qualified third-party auditor will issue certification.

Companies can choose which of the five total trust service criteria to pursue. TrueSight earned certification across four:

Security

Controls protect TrueSight’s systems and your data from unauthorized access, threats, and breaches. This is the baseline requirement for any SOC 2 certification, and the only one most DME software vendors pursue.

Confidentiality

Sensitive business and patient information is protected with formal controls governing how data is stored, accessed, and shared.

Availability

TrueSight’s systems are monitored and maintained to meet defined uptime commitments. Your billing operations depend on the platform being there when you need it.

Processing Integrity - What Sets Us Apart

The system processes your data accurately, completely, and without error. What you put in is what you get out. Every transaction is traceable.
For a billing platform managing thousands of claims and payment transactions per month, this is the most consequential standard of all. Not every DME billing platform has pursued this as part of their SOC 2 certification (just ask them).

We built this the way we did because we’ve lived it—running a DME billing operation. That experience shaped every decision we made. It’s why uptime, accuracy, and audit trails aren’t afterthoughts here.

How Do You Know When DME Billing Software Has Processing Integrity?

Ask a vendor to show you whether their DME billing platform can produce an accounts receivable (AR) roll forward: an accounting technique that tracks changes in the AR balance from the start of a period to the end.

TrueSight produces this report. If the others can’t produce it, their data integrity has a gap.

Our SOC 2 certification verifies the underlying data is accurate and complete.

HIPAA Compliant by Design

TrueSight’s HIPAA compliance is built into the architecture of the system — not added as an afterthought. That means your PHI is protected, your access controls are enforced, and your audit trail is always intact.

PHI Protection

Patient data is encrypted in transit and at rest. Access is governed by role-based permissions, so only the right people can see the right information.

Access Controls & Audit Logging

Every action inside TrueSight is logged. You have a complete record of who accessed what and when — the documentation foundation you need if a payer, a plan, or a government agency ever asks.

Business Associate Agreement (BAA)

As a vendor that handles PHI on your behalf, MedBill operates as a Business Associate under HIPAA.
Contact us to discuss BAA terms for your organization.

An On-Call IT Department

From system patching and remote support to ongoing monitoring and IT strategy, we deliver the benefits of a dedicated in-house IT team without the overhead.

Compliance That Covers Your Business, Not Just Our Software

For smaller DME operations especially, regulatory compliance can feel like a weight no one person is equipped to carry. HIPAA. CMS. Payer documentation requirements.

Any of these can turn into a costly problem if the software underneath isn’t doing its job correctly.

TrueSight’s SOC 2 certification is independent, third-party-verified assurance that the platform you’re trusting with your revenue cycle has been built and operates at a standard that holds up under scrutiny.

When auditors come, you want answers ready. TrueSight is designed to give you those answers.
