Carrier achieves formal validation of HIPAA, HITECH and PCI DSS 2.0 compliance
LITTLE ROCK, Ark. – Windstream (NYSE:WIN, news, filings), a leading provider of advanced communications, today announced that BrightLine CPAs & Associates Inc. has certified its data centers and network comply with federal and industry standards for protecting consumers’ private health and financial data.
BrightLine found that Windstream complies with federal HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) regulations. The HIPAA Privacy, Security and Breach Notification rules protect the privacy of patient health information and require covered entities and their business associates to take specific action to protect electronic health information when it is being processed, transmitted or stored in the data network.
Over a six-month period, Windstream worked with BrightLine, a globally accredited Qualified Security Assessor firm that provides assurance and compliance services, to evaluate Windstream’s systems and training processes. BrightLine found that Windstream has adopted the essential elements and requirements of the 2003 HIPAA and HITECH final security rule, including but not limited to administrative safeguards, physical safeguards, technical safeguards and breach notifications.
“We have undertaken this strict examination to demonstrate and ensure that our systems are consistent with HIPAA and HITECH requirements, and that we are able to guarantee that both our employees and data centers meet the federal government’s stringent security requirements,” said Chris Nicolini, Windstream’s senior vice president of data center operations. “Completing this examination confirms the trustworthiness of our team, products and services and we are committed to performing this examination year after year, in order to maintain compliance and the trust of our customers.”
“In today’s security threat landscape, a service provider’s ability to secure their customers’ data has become foundational to a managed hosting architecture and solution,” said Al Sadowski, Research Director at 451 Research. “HIPAA and HITECH compliance for hosted data centers, coupled with PCI DSS 2.0 certification, provide customers with the assurance that a provider’s network and hosting environment meet a higher standard of data security and protection. This assurance is especially important for sectors such as healthcare, retail and financial services which operate with highly sensitive data requiring fortified transport and storage.”
BrightLine also performed Windstream’s network Payment Card Industry Data Security Standard (PCI DSS) version 2.0 assessment, validating its status as a “Level 1-certified” service provider, the highest certification achievable. Windstream can now process and transmit an unlimited amount of transactions annually. To maintain the highest standard of compliance, Windstream will independently scan for network threats and conduct annual audits with BrightLine.
PCI DSS is a comprehensive set of standards that requires all merchants and service providers that store, process or transmit customer payment card data to adhere to strict information security controls and processes. Designed to prevent credit card fraud, the standards include 12 requirements that encompass security management, policies and procedures, physical security, network architecture, user access management, network and systems monitoring and software development. The certification reflects Windstream’s full compliance with the PCI DSS.
Windstream offers a full suite of advanced network communications and technology solutions, including cloud and data center services, voice and network services such as virtual data centers, managed network security, unified communications, VoIP, SIP trunking, MPLS, and dedicated high-speed Internet, designed to help businesses increase productivity and improve operational costs.
Windstream (NASDAQ: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, phone and digital TV services to consumers primarily in rural areas. For more information, visit www.windstream.com.