Data Collection & Usage
VendorProof aggregates vendor data for exclusion monitoring and TIN validation purposes which we then provide back to our clients. In collecting primary source data from vendors we are able to highlight discrepancies in the client data on their vendors which ensures completeness and accuracy of data for compliance monitoring against Federal and State agencies' exclusion lists.
For checking against exclusion sources, VendorProof uses unique identifiable information, such as first and last name, business name, national provider index number (NPI), and/or social security number(SSN)/employer tax identification number (EIN), to determine a possible match or no match on the Federal and State agencies' exclusion lists. This helps reduce the risk of fines and penalities for our clients.
Our datacenter is PCI, HIPPA, and ISO 27001 certified. It is FedRAMP compliant and has received a SOC 1 and SOC 2 audit. Our main goal is to secure all data through proper encryption methods; we do, however, also track logins and only users with the highest access privilege are allowed to access sensitive information.