Security at Its Finest

RevSpring's security and compliance

RevSpring specializes in engagement and payment solutions for healthcare and accounts receivables management — industries where compliance and regulation knowledge and expertise are critical. We understand what it takes to back our solutions with the security you can trust.

Our comprehensive, independently validated security certifications give you peace of mind. We understand the importance of protecting consumer information and have made a significant investment in our IT infrastructure and internal processes.

Payment Security

Not only are RevSpring solutions PCI compliant, we offer payment solutions that reduce your PCI compliance scope. Certifications include:

  • PCI DSS v3.2.1
  • SSAE 18, SOC 2 Type II
  • PCI P2PE
  • EMV-Card Present

Proven Compliance and System Integrity

RevSpring is committed to ensuring system security and availability for our clients.

  • FISMA (NIST 800-53 Revision 4)
  • Nevada Personal Information Law NRS 603a and Senate Bill No. 227
  • Massachusetts 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth

We go the extra mile to ensure the reliability of the systems you and your customers rely on:

  • 99.9% system uptime/availability
  • Encryption of all data at rest and during transit
  • Highly segmented network infrastructure with state-of-the-art firewalls
  • PGP/GPG encryption and FTP/S, SFTP, and HTTP/S file transfers
  • Security audits and logins with on-demand reporting to ensure ongoing website, consumer data, and internal support integrity
  • Forced SSL encryption using 2048-bit RSA keys and SHA-256
  • Third-party network security scans
  • Strong password requirements with specific length and character requirements and a visual indication of password strength
  • IP-based access restriction that specifies IPs or a subnet of IPs to limit access to a provider’s facility or facilities (optional)
  • State-of-the-art Intrusion Prevention System for blocking brute force attacks

Security Measures for Healthcare Clients

All aspects of our business are structured with HIPAA compliance in mind. RevSpring’s HIPAA attestation is externally validated on an annual basis. RevSpring’s Compliance Officer, who ensures that compliance measures are ongoing and integrated within our daily activities, also conducts mandatory annual HIPAA training for all employees.

Secure Patient Authentication

RevSpring provides flexible patient authentication options, including support for:

  • Single Sign-On (SSO) login using pre-existing methods for patient authentication
  • Unique security code plus personal identifiers (two-factor authentication)
  • One-time “Guest” payments without any authentication or account creation (PHI is not presented with this option)
  • Anti-hacking with CAPTCHA security measures

Business Continuity

Headquartered in Livonia, MI, RevSpring operates out of four state-of-the-art production, print, and mail facilities in Phoenix, AZ; St. Paul, MN; Oaks, PA; and Nashville, TN, with additional technology and customer care centers located in Ann Arbor, MI; Arden Hills, MN; Hamilton, NJ; Melville, NY; and Newark, OH. We also utilize Rackspace for eServices, with locations in Las Vegas, Seattle, Chicago, and Virginia.

Finally, we maintain separate Tier III data centers in Minneapolis, MN and Nashville, TN. In the event of a disaster or outage, RevSpring has the infrastructure and documented Disaster Recovery plan to continue business at our non-affected facilities.