Hoxhunt is proud to announce that we have established a formal HIPAA compliance program and have maintained SOC 2 Type II compliance for the seventh consecutive year, expanding our latest audit to include the Privacy Trust Services Criteria.
Building on our long-standing SOC 2 program, this expansion further strengthens our commitment to security, privacy, and trust, and reflects the maturity of our platform for highly regulated industries, including healthcare.
Expanding SOC 2 scope to privacy
SOC 2 is an independent auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to evaluate how service providers manage customer data. It is based on the Trust Services Criteria: Security, Availability, Confidentiality, and Privacy, which define how systems and data should be protected.
In practice, SOC 2 provides independent assurance that a company has implemented the right controls to keep customer data secure, available when needed, handled confidentially, and processed appropriately. A SOC 2 Type II report goes a step further by verifying that these controls are not only well designed, but also operating effectively over time.
Our SOC 2 Type II report validates that our controls across Security, Availability, Confidentiality, and Privacy protect customer data consistently year-round. The Privacy Trust Services Criteria, added in our latest audit cycle, ensure that personal data is managed responsibly throughout its lifecycle, from processing in accordance with customer instructions to retention and deletion, aligned with strict principles around purpose limitation and data handling.
This includes capabilities such as secure disposal of personal data, controlled access and processing, rigorous onboarding and offboarding, and supporting data subject rights like access, correction, and transparency.
Support for healthcare industry with HIPAA program
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. regulation that sets requirements for protecting sensitive health information, known as protected health information (PHI). It defines how such data must be safeguarded, accessed, and disclosed, and requires organizations to implement appropriate administrative, technical, and physical safeguards.
Hoxhunt’s formal HIPAA compliance program supports customers operating in environments where PHI may be present. We are fully prepared to process such data responsibly and in compliance with HIPAA requirements.
Our approach builds on strong technical and organizational safeguards already embedded in the platform, including encryption in transit and at rest, strict access controls, continuous risk management, and ongoing security training for all personnel. HIPAA compliance is therefore a natural extension of the security and privacy foundation we have built.
Our commitment to security
These milestones aren't just one-time achievements; they represent our ongoing investment in the security of your data. With our HIPAA compliance program and seventh consecutive SOC 2 Type II report, organizations can confidently deploy Hoxhunt as part of their security and compliance strategy.
We remain dedicated to evolving our platform alongside the regulatory landscape to ensure our customers stay ahead of emerging threats. For more information on our security posture, visit https://trust.hoxhunt.com