Ksana Health Achieves SOC2 Type 2 Compliance for HIPAA and GDPR

Ksana Health completed its first third-party assessment for security and privacy controls, receiving unqualified approval attesting to the strength of our controls and compliance with best practices and statutory requirements, including:

  • AICPA, Trust Services Criteria
  • HIPAA Security Rule
  • HIPAA Privacy Rule
  • GDPR Controls Mapping


What is SOC 2 Type 2?

A SOC 2 Type 2 report is an internal controls report that captures how a company safeguards data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third-party technology services. Independent third-party auditors issue these reports covering the Trust Services Criteria including Security, Availability, Integrity, Confidentiality, and Privacy.

AICPA Trust Services Criteria

The SOC 2 examination was conducted according to attestation standards developed and managed by the American Institute of Certified Public Accountants (AICPA), and provides detailed information related to, and assurance of, an entity’s controls surrounding the security, availability, and processing integrity of the systems used to process users’ data and the confidentiality of the data processed by these systems.

HIPAA Security & Privacy Rules

The controls embodied in the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and Privacy Rule, as defined in United States federal regulations 45 C.F.R. § 160 to 164, were evaluated and deemed compliant with the statute. Ksana Health is ready to act as a trusted Business Associate as we work together to improve health equity and mental health outcomes.

GDPR Controls Mapping

Ksana Health’s privacy controls were mapped to the European Union’s General Data Protection Regulation and were approved as meeting this standard.

 

Our Commitment to Security and Privacy

As part of our ongoing commitment to providing a best-in-class cloud network service, we take security and privacy seriously. Ksana Health was able to implement the required SOC 2 guidelines in an extremely short time frame due to the company’s advanced IT infrastructure and the modern architecture used in our EARS and Vira platforms.

“Ksana Health is proud to meet the highest standards with our approach to security and privacy, which is critical so that we can be a trusted partner for our customers,” said Dr. Nick Allen, CEO & Co-Founder of Ksana Health. “Our clients need comprehensive assurances including confidence in the security, availability, processing integrity, confidentiality, and privacy of their data and the way they are stored and managed.”

Ksana Health customers, prospects, and partners may receive a copy of the SOC 2 report upon request. For more information on Ksana Health and the Vira and EARS products, please visit www.ksanahealth.com/privacy-policy/ or email privacy@ksanahealth.com.

Elizabeth Duncan

2 September 2022
