Health Gorilla is SOC 2 Type 2 Certified

As part of our ongoing efforts to protect patient data, Health Gorilla has successfully completed Service Organization Control (SOC) 2 Type 2 certification with HIPAA/HITECH requirements. This certification ensures compliance with the leading industry standards for managing enterprise data.

SOC 2 Type 2 certification is an expansion on the SOC 2 Type 1 certification Health Gorilla already had in place.  The SOC 2 Type 2 report is an attestation of controls at a service organization over a minimum six-month period and reports on the description of controls provided by the management of the service organization, attests that the controls are suitably designed and implemented, and attests to the operating effectiveness of the controls.

Established by the American Institute of Certified Public Accountants (AICPA), the SOC 2 examination is designed for organizations of any size, regardless of industry and scope, by ensuring the personal assets of their potential and existing customers are protected.  SOC2 reports are conducted by independent auditors, who measure the availability, security, and integrity of an organization's unique data processing systems, and ultimately determine whether effective safeguards and controls are in place.

Whether it is in the digital health, government, or life insurance markets, protecting our customers' data is our top priority.  The successful completion of the SOC 2 Type 2 certification is yet another example of our ongoing commitment to providing the healthcare ecosystem with an advanced, innovative, and secure interoperability platform.  Whether customers are using Patient360, Lab Network or any of our other products, earning the SOC 2 Type 2 certification is just the latest example of how Health Gorilla is committed to protecting patient data against unauthorized access and assures our customers that cybersecurity, access controls, and data governance are key components of Health Gorilla's full suite of clinical data services.