Audit Summary
NEXO Group LLC • OHIP Level 5 Audit • Final report date: September 16, 2025
Confirming that Nexo Group LLC performed an audit of the Information System Boundary related to the MillinPro software and supporting infrastructure for compliance with the New York State Department of Health System Security Plan (SSP) Workbooks v5 Critical Controls. This audit was completed in mid-2025 with the final report issued on September 16, 2025, by Mr. Alex Figueroa, MBA HITRUST CCSFP, DoD CMMC-RP, CISA, CISM, CRISC, CGEIT, CDPSE.
After a thorough review of the MillinPro system and supporting infrastructure, Millin Medical attained a score of 97%. The Plan of Action and Milestones (POA&M) is in progress to address minor findings along industry-standard remediation timelines.
Governing Standards and Guidance
- NIST SP 800-53 Rev. 4 (Moderate) — csrc.nist.gov
- NIST SP 800-53A Rev. 4 (Moderate) — csrc.nist.gov
- New York State ITS/EISO Policies — its.ny.gov
- CIS Critical Security Controls — cisecurity.org
- HIPAA Security Rule (45 CFR Part 160) — hhs.gov
- CMS Information Security Assessment Procedure v2.0 — cms.gov
Contact
James Barrett
Chief Technology Officer, Millin Associates — MedSuite
Address2035 Lakeside Centre Way, Suite 180, Knoxville, TN 37922
Phone865-384-7865
NEXO Group LLC
AddressPO Box 16130, Rochester, NY 14616
Phone(585) 444-6033
PrincipalJohn M. Pennell