Jopari ProPay®

Compliance and Security Risk Management Program Overview
 

Jopari’s ProPay Products and Services comply with state and federal security, privacy and payment regulations. These requirements include, but are not limited to, (1) building and maintaining a secure network (e.g., maintaining a firewall configuration to protect data), (2) protecting data (including encryption of transmitted and stored data), (3) maintaining a vulnerability management program, (4) implementing access control measures, (5) regularly monitoring and testing networks, (6) maintaining information security and privacy policies, (7) fraud detection and prevention, and (8) industry payment best practices. The following is an overview of Jopari’s ProPay compliance and security risk management program.

Regulatory Compliance and Annual Independent Third-Party Audit Certifications

Jopari is a SOC Certified organization that is audited annually by an independent certified public accountant (AICPA accredited). The purpose of the compliance risk management audits is to verify that Jopari has established and follows strict information security policies and control procedures encompassing the security, availability, processing, integrity, and confidentiality of customer data as required by regulations and industry payment best practices. The Audit Certifications include the following reports, which are available for review upon request:

Jopari Certification Audit Reports

  • SOC 2 Type II Audit Certification
  • SOC 3 Cybersecurity Audit Certification
  • Shared Assessment AUP Risk Management Evidence Based Audit Certification

Regulatory Compliance

The Jopari ProPay regulatory program keeps you in compliance with federally mandated payment regulations, such as OFAC, FFIEC, KYC, Beneficial Ownership and other requirements. We proactively validate business and entity identification in real time at the time of enrollment, across multiple government databases, to ensure regulatory compliance by utilizing ECHO’s Payment Model Risk Management Engine. This robust automated identity verification engine provides clients with improved accuracy and a reduction in the number of false positives. The following is an overview of Jopari’s regulatory payment compliance program.

Fraud Detection and Prevention Risk Management Controls

Jopari’s fraud detection and prevention risk management controls consist of a multi-tier defense strategy designed to quickly identify fraudulent activity. We use the ECHO Payment Model Decision Engine to deploy a combination of artificial intelligence fraud risk monitoring and prevention controls to prevent fraud at each processing touch point in the payment process. The following is an overview of Jopari’s multi-tier defense risk management controls:

  • Enrollment – Real Time Risk Management Controls
    • Verify bank account ownership and perform identity verification at the point of enrollment
    • 24/7 automated monitoring controls at every touch point to manage client enrollment and identify any changes in existing accounts to prevent identity fraud and/or account breach attempts
  • Payment – Real Time Risk Management Monitoring Controls
    • Verify bank account status in real time prior to one-time or recurring debits to reduce NSF and administrative returns
    • Verify bank account ownership and client identity prior to paying out disbursements
    • Automated Red Flag Alerts to identify inaccurate data in real time, including names, addresses, and phone numbers, to mitigate false declines
    • Multi-factor authentication controls are used as an additional layer of control for identity verification

Data Security Risk Management and Monitoring Prevention Controls

Jopari’s Security Risk Management Controls are based on the Federal Government National Institute of Standards and Technology (NIST) Security Standards:

  • Jopari uses TLS 1.2 and AES-256 encryption with DigiCert Certificates to provide trusted, secure connectivity at every transaction touch point (digicert.com)
  • 24/7 intrusion detection system (IDS) monitoring of network security
  • Host IDS monitoring of the operating system
  • Secure, Redundant Data Centers that are geographically dispersed
  • Annual SOC 2 and SOC Cybersecurity Audits to ensure compliance with federal and state security regulations and industry best practices
    • Business Continuity and Disaster Recovery Plan tested annually
  • Forensic Policy and Procedures and Data Loss Prevention Automated Monitoring
  • All Jopari employees are required to complete annual regulatory Security and Privacy Compliance Training and Certification
  • Since its founding in 2003, Jopari has never had any breach incident history.

 

Additional Jopari ProPay Services

  • Flexible EDI Electronic Remittance Solutions
    • Jopari provides flexible EDI solutions based on the provider’s technology capability (low tech to high tech) to deliver the Electronic Remittance Advice (ERA) in a format that can be consumed by their practice management and revenue cycle management processes, based upon the payment method selected.
  • Explanation of Benefits (EOB) and Electronic Remittance Compliance Solutions
    • Jopari Maintains and Monitors State ERA and EOB Payment Regulations
    • Compliance Data Mapping to State EOB Formats
      Jopari’s ERA process also includes compliance mapping of your payment summary data to accommodate those states that have mandated paper Explanation of Benefits (EOB) format requirements, such as Florida.
    • Compliance Mapping for Payer Proprietary Claims Adjudication Reason Codes
      Jopari ERA services also include coordination with your claim adjudication staff and/or bill review vendor to assist in mapping your proprietary claims adjustment reason codes to:
      • National ANSI Claim Adjustment Reason Codes (CARC) and Remittance Advice Remark Codes (RARC) that are required to generate a compliant ASC X12 835
      • The State-mandated Claims Adjustment Reason Codes, to generate a compliant state EOB
    • Access to Jopari Compliance Services and Industry Experts
      • Compliance Team is proactively engaged in payment and industry regulatory rule making at the State and Federal Level
      • National Security Committees and National Standard Setting Organizations
        • Private Sector Incident Response Team – US Department of Homeland Security
        • US CERT Private Sector Incident Response Team
        • HHS Cybersecurity 405(d) Task Force Committee
        • NACHA Health Care Committee
        • National Institute of Standards and Technology (NIST) Review Committee
        • CAQH CORE Security and Connectivity Committee
        • Chair National Clearinghouse Cybersecurity and Privacy Committee
        • IAIABC, International Workers’ Compensation Standards Organization
        • National CODE CARC Committee – National Workers’ Compensation Industry Voting Representative
        • WEDI Co-Chair Property and Casualty Workgroup
        • ASC X12N Insurance Board – Accredited Standards Committee
        • National Clearinghouse Association – Past Chair and Board Member
        • HL7 International Attachment Standards Organization