Lighthouse eDiscovery Achieves HIPAA and ISO 27001 Compliance

"Data security is of utmost importance to our clients," said Mark King, chief information officer at Lighthouse eDiscovery. "These assessments demonstrate our commitment to provide the most reliable security infrastructure to our clients. Our dedicated IT security team maintains sophisticated structural and environmental controls that evolve based on changing standards, new threat models, and client requirements."

HIPAA requires organizations engaged in handling electronic protected health information (ePHI) to implement the necessary systems, procedures, and policies to secure such information. Risk analysis and management is an ongoing process, in which compliant entities must regularly review records to track access to ePHI and detect security incidents, periodically evaluate the effectiveness of security measures, and regularly reevaluate potential risks to ePHI.

The stringent security assessment by an independent auditor reviewed Lighthouse's compliance in its data management, data hosting and data security operations in the following areas:

• Administrative safeguards
• Physical safeguards
• Technical safeguards
• Breach notifications

ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system. The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. It sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties.

These assessments were performed by Schellman & Company, LLC, an ANAB and UKAS accredited certification body based in the United States.

For more information about this announcement, please contact info@lhediscovery.com.