Compliance & Security

KO-Pay employs stringent, HIPAA compliant data protection policies to effectively safeguard your consumers' information.

FDCPA

Congress passed the Fair Debt Collection Practices Act, often referred to as the FDCPA, in response to abusive conduct by collection agencies, and concern that the abuses were causing an increase in the filings of personal bankruptcies. The purpose of the act is to provide guidelines for collection agencies, which are seeking to collect legitimate debts, while providing protection and remedies for debtors.

HIPAA

HIPAA is applicable to protected health information. Protected health information is any oral or written information about a patient that relates to the physical or mental condition of a patient. HIPAA applies to covered entities, which are statutorily defined as those entities, which receive, use or are exposed to protected, private patient health information. In order to comply with HIPAA, we have provided the ncessary measures to protect our patients' health information.

FCRA

The Fair Credit Reporting Act, FCRA, is a federal law that details how consumer credit information can be collected, given out, and used. Under the FCRA, consumers have a right to view information in their credit file and dispute inaccurate information.

KO-Pay is committed to keeping your privacy and data safe. We are proud to be SOC 2 TYPE II certified.

Developed by the American Institute of CPAs (AICPA), the Service Organization Control 2 is an auditing procedure that ensures we, as service providers, securely manage your data to protect the interests of your organization and the privacy of its clients. The report is based on five trust service principles: security, availability, processing integrity, confidentiality and privacy. The Type II report details the operational effectiveness of a service organization's system.

State Compliance

With clients from coast to coast, we are 100% compliant with state licenses, along with following closely to the laws in each state we service, to give you the peace of mind that your accounts are being handled to the highest standard.

Disaster Preparedness

  • Incident Response Plan
  • Dedicated employee disaster recovery facility
  • Ability to operate at full capacity in 48 hours
  • Crisis Response team in place
  • Remote dual data backup
  • Full battery and emergency generator system
  • Remote survivable phone switches
  • Access to complete inbound & outbound calling capacity

Security

  • Firewalls
  • 128 Bit data encryption
  • Collector call recording
  • Employee station authentication
  • Virus protection
  • HIPAA collector training and accountability systems
  • On-site third-party document destruction
  • Off-site secure water/fire proof backup clone operation