Trust & Certifications

Secure, compliant revenue cycle and practice management software for enterprise healthcare organizations.

Open Practice Solutions (OpenPM) delivers secure, audited revenue cycle practice management software trusted by healthcare organizations since 2005.

Hosted on Amazon Web Services
OpenPM operates on secure, audited cloud infrastructure designed for high availability, redundancy, and resilience.

SOC 2, Type 2
Independently audited controls verifying security, availability, confidentiality, processing integrity, and privacy.

All certifications are independently audited and validated annually.

HITRUST Certified
A comprehensive healthcare security framework demonstrating alignment with rigorous regulatory and risk management standards.

HIPAA Compliant
OpenPM supports HIPAA compliance and executes Business Associate Agreements (BAAs) with healthcare organizations.

SOC 1, Type 2
Validates operational and financial controls that impact clients and partners.

Serving Healthcare Since 2005

Open Practice Solutions was founded in June 2005 with a singular focus: building reliable revenue cycle technology for healthcare organizations.

For nearly two decades, OpenPM has supported organizations across the healthcare ecosystem, including:

  • Independent practices

  • Multi-location & specialty groups

  • Revenue cycle management (RCM) and medical billing companies

  • Enterprise and multi-entity healthcare organizations

  • Organizations operating complex or multi-databases environments

Our long-standing focus on revenue cycle operations has helped practices and billing organizations manage claims, payments, reporting, and financial workflows with stability and confidence.

Open Practice corporate headquarters in Hudson, Ohio

Frequently Asked Questions

  • Yes. We execute BAAs with covered entities and business associates as required.

  • Yes. Customer data is encrypted in transit and at rest. Backups are encrypted and stored in segregated secure environments.

  • We use role-based access controls (RBAC), unique user authentication, restricted administrative privileges, and formal access review processes.

  • Yes. Production environments are replicated to separate locations, and we maintain formal business continuity and disaster recovery planning.

  • Yes. SOC reports, management assertion letters, and additional compliance documentation are available under NDA upon request.

Additional Documentation & References

For enterprise evaluations, OpenPM can provide:

  • SOC 1 and SOC 2 reports (under NDA)

  • HITRUST documentation

  • Security white paper

  • Executive compliance letters

  • Enterprise-level client references