Safely Doing Business With Us

As a trusted healthcare partner, CareFirst understands that certification and attestation of our cybersecurity practices provides assurance we can confidently do business and focus on providing access to healthcare for healthier members, better businesses and stronger communities.

Maintaining robust cybersecurity protocols is essential in showing our commitment to the trust placed in CareFirst by our members, customers and partners.

Recognizing the value independent cybersecurity attestations provide, we at CareFirst hold ourselves accountable to adopting the following standards:

  • System and Organization Controls (SOC 2)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • National Institute of Standards and Technology (NIST)
  • Health Insurance Portability and Accountability Act (HIPAA) compliance
  • General Data Protection Regulation (GDPR)

Requesting Certification Information

Eligible accounts may receive copies of SOC 2 formal reports, attestations or other certification information by completing our Certification Request Form. If required, CareFirst will email you a Confidential Disclosure Agreement (CDA) before releasing the requested reports. Eligible accounts include:

  • New accounts performing their due diligence
  • Existing accounts that are out to bid (RFP)
  • Existing accounts requesting as part of an annual assessment

Certification Request Form

Please complete the form below and hit Submit to request certification information.


Acceptance of Confidentiality Terms: The documents you are requesting are confidential. Therefore, they may only be used for internal purposes and may not be further distributed or published without express approval from CareFirst. By submitting this form, you understand and agree to comply with these conditions and can proceed to request the content.