Here at Greenspace, privacy and security have always been at the foundation of our work. Our platform supports thousands of clinicians, hospitals, and health systems that depend on accurate, reliable, and confidential data to deliver effective, high-quality care. We continually invest in security best practices to ensure that the data of our partner clinics and the people they serve remains safe and secure. As part of this commitment, Greenspace undergoes an annual SOC 2 Type 2 assessment to validate and ensure that our data security processes and protocols meet and exceed the highest industry standards. We are happy to share that, once again, we have successfully completed our annual SOC 2 Type 2 examination and will continue our efforts to ensure we offer best-in-class privacy and security.
What is a SOC 2 Type 2 report and what does it mean for Greenspace and our partners? Keep reading as we share some insight into the assessment process, what it examines, and why the report matters to our partners.
What is the SOC 2 report?
Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 (System and Organization Controls 2) is an internationally recognized framework for managing customer data. A SOC 2 audit evaluates the policies, procedures, and systems an organization has in place to protect data across five key Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
Our SOC 2 examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks. The SOC 2 examination is designed for organizations of any size, regardless of industry and scope, to ensure the personal assets of their potential and existing customers are protected. SOC 2 reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures and operations have been formally reviewed.
A SOC 2 report highlights the controls in place that protect and secure an organization’s system or services used by its customers. In order to pass a SOC 2 examination and receive a letter of attestation, an organization must address and have evidence of effective controls in areas such as information security, access control, vendor management, system backup, business continuity, disaster relief, and more.
Our Commitment to Privacy and Security
Completing another SOC 2 audit is one part of Greenspace’s ongoing, organization-wide commitment to security and privacy. Greenspace adheres with HIPAA and other leading digital and physical security protocols. Access to our platform is SSL-secured, filesystem is AES-encrypted, and all datasets are protected by firewalls. We take many additional precautions to protect privacy including requiring strong passwords, automatic logouts, automatic access logging, secured data backups, two factor authentication, and restrictive data access procedures.
We take many additional precautions to ensure security and privacy are maintained throughout our platform, without adding friction for users.
- Secure encryption: All data is encrypted both in transit and at rest using AES 256-bit encryption, the standard recommended by the U.S. National Institute of Standards and Technology (NIST) and Federal Information Processing Standards (FIPS).
- Access monitoring: Network access is continuously monitored and logged, with automated intrusion detection to identify and block unauthorized activity.
- Password protection: All passwords and security questions are cryptographically salted and hashed to prevent unauthorized access.
- Database backups: Encrypted backups are automatically completed on a regular schedule, stored in multiple secure locations, and backed up nightly.
- Automatic detection: A Host-based Intrusion Detection System (HIDS) continuously monitors for anomalous behavior, triggering immediate investigation and response if potential threats are detected.
- Internal policies and training: Every Greenspace team member receives comprehensive privacy and security training, ensuring that protection of client data is an organizational priority, not just a technical one.
At Greenspace, we believe that trust and transparency are at the foundation of great healthcare partnerships. When clinicians and administrators know that the tools they rely on are secure and compliant, they can fully focus on delivering exceptional care and driving better outcomes.
To learn more about our privacy and security policies and processes, visit our Privacy & Security page or reach out anytime at info@greenspacehealth.com.
