Security & Compliance

HIPAA-Compliant Storage

ClosedLoop adheres to the Health Insurance Portability and Accountability Act (HIPAA) and provides customers with HIPAA-compliant storage. ClosedLoop enters into business associate agreements (BAAs) with all relevant partners and customers to ensure HIPAA requirements are satisfied and create liability between parties. Ensuring that protected health information (PHI) is safeguarded and private is of the utmost importance to ClosedLoop.

HIPAA sets the standard for patient data, and entities dealing with PHI must be HIPAA compliant. The HIPAA Privacy and Security Rules are composed of national regulations for the use, disclosure, and protection of PHI. These rules establish specific security safeguards for compliance, categorized as administrative, physical, and technical requirements.

AICPA SOC 2 Type 2 Certified

ClosedLoop is SOC 2 certified. SOC 2 assessment was conducted through an independent technical examination performed by a third party. This examination was completed in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA), and the resulting SOC 2 Type 2 certification verifies that ClosedLoop maintains robust controls and follows industry best practices. ClosedLoop completes an annual SOC 2 examination and is committed to data protection and confidentiality.

System and Organization Controls (SOC) are criteria that govern a wide range of controls. SOC 2 certification confers assurance about the controls relevant to AICPA’s trust services criteria. This criteria covers data security, availability, and processing integrity of the systems used to process users’ data and the confidentiality and privacy of the information processed. A type 2 report details an organization’s system and the suitability of their controls.