Security is a top of mind awareness item. Metro undergoes a rigorous testing schedule to protect Data security, Physical Security and Employee security. The rigorous testing schedule has allowed Metro to be verified by an independent third-party audit as compliant for HIPAA and SSAE 16 Type II and SOC Type II controls. The Health Insurance Portability and Accountability (HIPAA) Security Rule is a national standard set for the protection of consumers’ Protected Health Information (PHI). The PHI that an organization manages must be protected from anticipated breaches by a mandated Risk Assessment and the implementation of appropriate Physical, Administrative, and Technical Safeguards. Metro’s compliance with HIPAA requirements has been verified by an independent third-party audit to ensure against the unauthorized disclosure of PHI. Many of Metro’s clients rely on our systems to process or store sensitive data. Our SSAE 16 Type II third-party attestation report verifies that we have implemented proper internal controls and processes to deliver high quality services to our clients. Our SOC 1 Type II audit report includes Metro’s description of controls as well as the detailed testing of these control over a minimum six-month period by an independent third-party audit.