How SOC 2 Type II Compliance Can Improve the Patient Experience

Loyal didn’t become the preferred software solution for improved care utilization among the nation's 39
leading health systems and hospitals by taking lightly the issue of data security. In fact, the opposite is
true. We’ve known from the start that data is the foundation of any health system and set out to
organize, manage, enrich and protect that which is critical to providing patients a unified, more
seamless journey to better health. Today, we take that founding commitment to data security a step
further by announcing Loyal has achieved SOC 2 Type II compliance.

In doing so, we are helping health system and hospital leadership teams build upon the trust their
organizations have spent decades fostering with the patients and communities they serve. This, in
turn, strengthens the relationship between patients and providers, creating a better overall experience
and a unique opportunity for the health system and hospital leadership teams to deliver on their
organization’s mission. What’s in it for Loyal? The knowledge that through SOC 2 Type II compliance,
the highest standards of security when it comes to managing customer data, we are able to close
more knowledge and care gaps to ensure equal access for all.

To aid us in preparation for the rigorous review of Loyal’s internal security policies and controls, our
team selected Vanta as our security compliance partner earlier this year. The examination, which was
performed by BARR Advisory, took place near the conclusion of the process, which lasted
approximately three months in total. The majority of this time was spent on the collection of audit
evidence, and we believe the relatively quick speed in which we were able to attain SOC 2 Type II
compliance is a testament to the data security policies and controls already in place at the start of the
process.

Those who have worked with Loyal know we take data security seriously from the start, making it
possible to securely leverage health system and hospital data to power solutions designed to improve
the patient experience such as a HIPAA-compliant chatbot, online scheduling, provider search, and
more. Achieving SOC 2 Type II compliance only enhances those capabilities with the assurance that
health system and hospital risk has been mitigated because Loyal’s data security measures have
been and will continue to be verified by third-party experts regularly.

21972-312_SOC_NonCPA.png