Data Dimensions Compliance

The requirement for regulatory compliance in any industry is an ongoing and ever-changing reality. While a large portion of our client base is focused on HIPAA compliance, our IT professionals also have a wealth of experience serving clients that must comply with regulations related to PHI, GLBA, PCI, Sarbanes-Oxley, FISMA and other regulatory initiatives.


Data Dimensions remains in compliance with state and federal security requirements and adheres to all appropriate industry standards in order to meet our mission of providing trusted continuity of service to our customers. Data Dimensions ensures regulatory compliance by integrating security and privacy into all phases of training and ongoing, day-to-day operations.

Our privacy program addresses all elements of information privacy, compliance and preparedness to information security, electronic communications policies and procedures, computer security, user guidelines and security awareness. We monitor legislation at both the federal and state levels, ensuring compliance with regulatory obligations.


In addition to securing confidential information, appropriate physical controls are in place to provide secure access to facilities and sensitive, controlled areas. Environmental controls for fire suppression, flood control, and HVAC are in place to protect critical systems and source data.

SOC 2, Type 2 audits and verification are performed annually by a third party.

Data Dimensions Is 100% HIPAA (Health Insurance Portability and Accountability Act) Compliant

HIPAA was enacted into law in 1996 and addresses the security and privacy of health information. The Privacy Rule establishes standards for the use and disclosure of Protected Health Information (PHI) – information about health status, provision of health care or payment for health care that can be linked to a specific individual (e.g. medical records).

Data Dimensions facilities are rated moderate under the Federal Information Security Management Act (FISMA). FISMA was legislated as part of the E-Government Act of 2002 and requires federal agencies to implement programs that provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source.