Compliance & Security


The requirement for regulatory compliance in any industry is an ongoing and ever-changing reality.

While a large portion of our client base is focused on HIPAA compliance, our IT professionals also have a wealth of experience serving our clients that must comply with regulations related to PHI, GLBA, PCI, Sarbanes-Oxley, FISMA and other regulatory initiatives.

Data Dimensions ensures regulatory compliance by integrating security and privacy into all phases of training and on-going, day-to-day operations. We monitor legislations, both at the federal and state levels, ensuring compliance with regulatory obligations.

In addition to securing confidential information, appropriate physical controls are in place to provide secure access to facilities and sensitive, controlled areas. Environmental controls for fire suppression, flood control, and HVAC are in place to protect critical systems and source data.

Contact Us


HITRUST CSF Certified status demonstrates that Data Dimensions workflow and content management platform, Dimensions360, has met key regulations and industry-defined requirements and is appropriately managing risk. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

SOC 2, Type 2 audits and verification are performed annually by a third party.
Data Dimensions is 100% HIPAA Compliant. HIPAA was enacted into law in 1996 and addresses the security and privacy of health information. The Privacy Rule establishes standards for the use and disclosure of Protected Health Information (PHI) – information about health status, provision of health care or payment for health care that can be linked to a specific individual (e.g. medical records).
Data Dimensions facilities are rated moderate under the Federal Information Security Management Act (FISMA). FISMA was legislated as part of the E-Government Act of 2002 and requires federal agencies to implement programs that provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source.