The Highest of Standards in Data Security

To ensure your data is handled in the most secure standards, Springbuk holds the HITRUST Risk-based, 2-year Certification, the highest standard of information protection certifications

In addition, Springbuk has achieved third-party validated SOC 2 Type 2 compliance for the sixth year in a row. These prestigious statuses represent efforts met with industry-defined requirements in keeping your data safe and managing risk appropriately.

LEARN MORE

Springbuk Security Standards

HITRUST Risk-based, 2-year Certification
Third-party Validated SOC 2 Type 2 Compliance

What does it mean to be HITRUST certified?

The HITRUST CSF provides the structure, transparency, guidance, and cross-references to authoritative sources organizations globally need to be certain of their data protection compliance. The initial development of the HITRUST CSF leveraged nationally and internationally accepted security and privacy-related regulations, standards, and frameworks–including ISO, NIST, PCI, HIPAA, and GDPR–to ensure a comprehensive set of security and privacy controls and continually incorporates additional authoritative sources. The HITRUST CSF standardizes these requirements, providing clarity and consistency and reducing the burden of compliance.The commitment and expertise demonstrated by HITRUST ensure that organizations leveraging the framework are prepared when new security and privacy regulations and risks are introduced.

By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

READ THE PRESS RELEASE

What does it mean to achieve third-party SOC 2 Type 2 compliance?

The Service Organization Control (SOC) 2 Type II examination demonstrates that an independent accounting and auditing firm has reviewed and examined an organization’s control objectives and activities, and tested those controls to ensure that they are operating effectively.

Springbuk's third-party validation was provided by Crowe LLP, a public accounting, consulting, and technology firm that utilizes its deep industry expertise to provide audit services to public and private entities. This validation provides reasonable assurance in Springbuk’s handling of sensitive information.

READ THE PRESS RELEASE

If a vendor says they have undergone a HITRUST audit, is that the same thing as being certified?

Not necessarily. HITRUST isn't an audit. It's an assessment. In a certification, audits are usually more about an opinion on compliance, while an assessment defines the current state versus the ideal state and identifies weaknesses and gaps. So I suppose one could go through a HITRUST-based audit without the full assessment and certification. But to become HITRUST certified, the assessment process must go through an approved external assessor and then go through a HITRUST audit themselves.

Featured Resources

More than data analytics, we provide thought leadership to help drive results.
View ALL Resources
Springbuk Logo

More than health benefits data, a world of insight at your finger tips.

Springbuk is the health data analytics solution that equips employers and benefits advisors with the deep, immediate insights they need to sharpen strategies, improve health, and contain costs.

Request a demo
SecurityPrivacy NoticeTerms of ServiceGeneral DisclaimerBlog Disclaimer
I am ...An EmployerA Benefits AdvisorA Job Seeker
Health IntelligenceAnswersInsightsTimeline
Health AnalyticsClaimsGaps in CareCost Trends
Data WarehouseData Quality
Company
CultureCareersLeadershipNewsContactHealthiest Employers
ReportingReport BuilderAdvanced Reporting