Compliance FAQ

Leading the industry in setting standards for safely securing your data

Jopari is compliant with state and federal security and privacy requirements. Jopari’s  Security and Privacy controls are based on the Federal Government  National Institute of Standards and Technology Framework Control Families (NIST ). In addition, Jopari is compliant with the National Automated Clearinghouse Associations EFT Rules as well as the CAQH CORE Phase III EFT and ERA Operating Rules. Jopari’s Compliance Risk Management Governance Program ensures our applications and business processes are certified annually for SOC 2 Type II, SOC Cybersecurity and Shared Assessment AUP Risk Management Evidence Based Certification by the American Institute of Certified Public Accountants (AICPA).

“How can I verify Jopari’s applications are secured and meet federal and state requirements?”

Our customers and regulators expect independent verification of security, privacy and compliance controls. Jopari undergoes an independent third party audit certification on a regular basis to provide this assurance. This means that an independent auditor has examined the controls present in our data centers, infrastructure and operations. Jopari  solutions has an annual audit for the SOC 2 Type II that cross references the following security and privacy  control standards that includes  HIPAA, FISMA, FEDRAMP, NIST , Cyber Security Framework, SIG, Cobit and GLB.

“Can I obtain a copy of Jopari’s Certification Audit report?”

The SOC 2 Type II report proves that our controls have been examined by an independent accountant. It represents the practitioner’s report on management’s assertion(s) that the entity’s business being relied upon is in conformity with the applicable Trust Services Principle(s), Security and Privacy Criteria.  For Inquires relating to Jopari’s SOC2 Type II certification, please contact for more information.

“What industry and standard setting organizations does Jopari Support?”

Jopari holds leadership positions in many of the following  industry and standard setting organizations that we support in an effort to facilitate stakeholder electronic data interchange adoption across all lines of healthcare business: