Quality, Security & Certification

iRhythm Technologies, Inc. is a responsive provider of innovative healthcare information services for continuous ambulatory cardiac monitoring that meet or exceed the quality expectations of our customers and industry.

Our Commitment

  • Continuously improving our quality management system
  • Comply with all applicable regulatory requirements, and
  • Deliver excellence to customers through our products, processes, service and data.

Quality

Quality means a lot of things to different people.

We defined the optimum level of quality as one that reliably meets or exceeds the expectations of customers and regulators while maximizing competitive advantage and shareholder value.

iRhythm Quality Management System NSAI Certificate

Quality Management System

iRhythm Technologies, Inc. is a ISO 13485 certified company.

From ISO.orgSafety and quality are non-negotiables in the medical devices industry. Regulatory requirements are increasingly stringent throughout every step of a product’s life cycle, including service and delivery. More and more, organizations in the industry are expected to demonstrate their quality management processes and ensure best practice in everything they do.

iRhythm Joint Commission Accreditation
 

The Joint Commission

iRhythm Technologies, Inc. has earned The Joint Commission’s Gold Seal of Approval® for Ambulatory Health Care Accreditation by demonstrating continuous compliance with its nationally recognized standards. The Gold Seal of Approval® is a symbol of quality that reflects an organization’s commitment to providing safe and effective patient care.

Please visit The Joint Commission for more information on their Accreditation, Certification and Standards.

Security

The Zio XT patch is a device that records heartbeat data. All electronic health data are stored on the device itself and are not transmitted through any non-secure or non-encrypted channels.

iRhythm Technologies, Inc. uses industry best practices that ensure the security, integrity and availability of data. Hosted at Amazon Web Services, our infrastructure is highly durable, scalable and secure. We develop, manage and maintain all proprietary software, systems and associated security.

We are dedicated to exceeding our customer’s expectations with respect to protected health information privacy and security by adhering to all relevant security requirements.

As participants in patient health care, we are committed to maintaining the privacy of Protected Health Information (PHI) as directed by applicable federal and state law. Our full Notice of Privacy Practices, found at irhythmtech.com/content/privacy, describes our privacy practices, our legal duties and rights concerning PHI.

Please click here for an overview of our security practices. 

iRhythm Security

Security

  • HIPAA compliant
  • NIST Federal Information Processing Standard (FIPS) 140-2 validation
  • Data encrypted in motion and at rest (HTTPS, AES- 256)
  • Role-based access controls
  • 24/7 monitoring
  • Secure facilities (SOC 2)
  • Regular penetration and vulnerability testing 
iRhythm Auditing

Auditing

  • Comprehensive audit logging and alerting framework
  • Activity tracking
  • Regular risk assessments
iRhythm Cloud-Based 

Cloud-Based

  • AWS EC2 platform on private, dedicated hardware
  • HL7-based EHR integration
  • No on-premise hardware
  • Highly scalable
iRhythm Availability 

Availability

  • Highly durable, geographically distributed architecture
  • Scalable, virtualized server environment
  • Redundant systems, no single point of failure
  • Encrypted backups with offsite replication
iRhythm Policies and Procedures 

Policies and Procedures

  • Extensive internal policy, procedure and operational controls
  • Business Continuity Plan, including virtualization, cloud computing and dual site configuration
  • Incident Response policy and procedures
  • Business Associate Agreements with all vendors
  • Strict change control procedures
  • Security patch management program
  • Security-focused source code review & testing

Certification

Independent Diagnostic Testing Facility (IDTF)

iRhythm's sophisticated IT infrastructure and systems are designed to help physicians and their staff provide care for their patients, including:

  • Multiple options for enrolling patients: web or phone
  • Notifications based on individual account-specific criteria
  • Simple, intuitive patient reports
  • Device training for patients and staff
  • A paperless patient reporting system

All diagnostic data collected by the Zio monitor are analyzed by Certified Cardiographic Technicians at the iRhythm Clinical Centers (iCC), Independent Diagnostic Testing Facilities (IDTF). The iCC are staffed 24/7 and offer translation services in more than 170 languages. As IDTF, the iCC adhere to Medicare Independent Diagnostic Performance Standards. These standards (42 C.F.R. section 410.33) can be found in their entirety at the Centers for Medicare & Medicaid Services website.

FIPS 140-2 Validation

Zio by iRhythm has received the National Institute of Standards and Technology’s (NIST) Federal Information Processing Standard (FIPS) 140-2 validation. While currently meeting all commercial requirements for data encryption, the FIPS validation achieves an added level of security required by specific government healthcare agencies. This effort further demonstrates iRhythm’s continued commitment to patient privacy and data security. iRhythm’s security validation is available on the NIST website, certificate number #3118.

CONTACT US FOR MORE INFORMATION