When it comes to your customer’s data, security always comes first. Above all else, Loyal ensures confidentiality of every piece of electronic protected health information (ePHI) we touch.
Loyal is HIPAA compliant
HIPAA requires compliance with the general rules it contains, specifically the Security Rule, the Privacy Rule and the Breach Notification Rule. Loyal supports HIPAA compliance (within the scope of the Business Associate Agreement), but ultimately complying with HIPAA is a shared responsibility between the customer and us. The steps Loyal takes to ensure HIPAA compliance are listed below:
SOC 2 compliance
Loyal has successfully completed its SOC 2 Type 2 audits for controls relevant to security, availability, and confidentiality. This means that an independent third party has both validated our processes and practices with respect to these three trust services criteria and confirmed our ability to maintain compliance with the controls we’ve implemented.
Engineering
- Data is encrypted in transit by employing TLS 1.2+
- Data is encrypted at rest; our hardware is hosted in the United States using HIPAA-compliant cloud services, and data is encrypted with AES-256
- API integrations are secured using the Authorization HTTP header with the Bearer authentication scheme
Operations
- By using our products, you have already cleared your IT department's security audit
- If you're working with us, it means we have also secured a Business Associate Agreement (BAA) with your legal team
- Our products give you the tools to administer users and their access and control
- Our team completes mandatory HIPAA training, and we continue to invest in an ongoing training curriculum for all of our employees
- We use HIPAA-compliant tools, e.g. Zoom, so that we can communicate with you in a responsible and secure way
