Home/Subprocessors

ASP-RCM Vendor Transparency

Subprocessors

Service providers ASP-RCM Solutions uses to operate. We sign a BAA with every vendor that touches PHI and a DPA with every vendor that touches personal information. Last reviewed: May 2026.

Note for site owners. This list is a working template. Before publishing, Compliance + Legal must confirm every row, fill in the actual vendors in current use, and remove any that aren't. The structure below mirrors what enterprise procurement teams expect. vendor, role, data category, region, and whether a BAA is executed.

Subprocessors with access to PHI

The following vendors process Protected Health Information on behalf of ASP-RCM. Each has a current Business Associate Agreement.

Vendor Purpose Data category Region Status
[Cloud hosting provider] Production application hosting, encrypted storage PHI, EDI 837/835 US BAA executed
[EDI clearinghouse] Claim submission and remittance routing PHI, claims US BAA executed
[Practice management integration platform] EHR / PM connectivity PHI, schedule, charges US BAA executed
[Secure file transfer] SFTP exchange of encrypted PHI files PHI US BAA executed

Subprocessors without access to PHI

The following vendors support our business operations but do not receive PHI. Each has a Data Processing Agreement.

Vendor Purpose Data category Region Status
Google (Workspace + GA4) Email, document collaboration, anonymized website analytics Business contacts, IP (anonymized) US DPA, no PHI
Microsoft (Clarity) Anonymized website session analytics IP (anonymized), session metadata US DPA, no PHI
[CRM provider] Sales pipeline, prospect contact records Business contacts US DPA, no PHI
[Email delivery provider] Transactional and opt-in marketing email Business email addresses US DPA, no PHI
Web3Forms Contact form submission relay Form fields you submit US DPA, no PHI

Change notifications

Before adding any new subprocessor that will access PHI, we provide affected clients at least 30 days' written notice with the right to object. To subscribe to subprocessor change notices, email [email protected] and ask to be added to the list.

Audit and assurance reports

Current SOC 2 Type 2 report and ISO 27001 certificate are available under NDA from your account team or by writing to [email protected].

This page is informational. The vendors listed here support specific contractual relationships under signed BAAs and DPAs; nothing on this page modifies any executed contract.