The federal Health Insurance Portability and Accountability Act (HIPAA) of 1996 has three primary goals: to make it easier for people to keep health insurance, to protect the confidentiality and security of healthcare information as it moves through the healthcare system, and to help the healthcare industry control administrative costs. OneLogin does not store electronic protected health information (ePHI), but has mapped its control framework to the HIPAA Security requirements to validate that it could comply with HIPAA if the need arose. This control framework is tested as part of the SOC 2 Type 2 reports.
What’s the primary purpose of this initiative?
Validate OneLogin’s ability to meet HIPAA Security requirements, which are designed to protect ePHI.
What’s the scope?
OneLogin’s security controls evaluated against the HIPAA Security requirements.
How often are you evaluated/audited?
The security controls aligned with HIPAA Security requirements are tested as part of the periodic SOC 2 Type 2 Report Audits.
Who performs the evaluation/audit?
Grant Thornton LLP performs the SOC 2 Type 2 Report audit.
Who is the primary audience?
Customers and relevant third parties with a business need.
Where can I get a copy of the report/certificate?
The evaluation of the security controls aligned with HIPAA Security Requirements is performed as part of the SOC 2 Type 2 Report Audits. Customers and relevant third parties can request the latest report from their Account Executive, Business Development, or Customer Success contact.