Ksana Health Achieves SOC2 Type 2 Compliance for HIPAA and GDPR

Ksana Health completed its first third-party assessment for security and privacy controls, receiving unqualified approval attesting to the strength of our controls and compliance with best practices and statutory requirements, including:

  • AICPA, Trust Services Criteria
  • HIPAA Security Rule
  • HIPAA Privacy Rule
  • GDPR Controls Mapping


What is SOC 2 Type 2?

SOC 2 Type 2 report is an internal controls report capturing how a company safeguards data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third-party technology services. Independent third-party auditors issue these reports covering the Trust Services Criteria including Security, Availability, Integrity, Confidentiality, and Privacy.

AICPA Trust Services Criteria

The SOC 2 examination was conducted according to attestation standards developed and managed by the American Institute of Certified Public Accountants (AICPA), and provides detailed information related to, and assurance of, an entity’s controls surrounding the security, availability, and processing integrity of the systems used to process users’ data and the confidentiality of the data processed by these systems.

HIPAA Security & Privacy Rules

The controls embodied in the Healthcare Insurance Portability and Accountability Act (HIPAA) Security Rule and Privacy Rule, as defined in United States federal regulations 45 C.F.R. § 160 to 164, were evaluated and deemed compliant with the statute. Ksana Health is ready to act as a trusted Business Associate as we work together to improve health equity and mental health outcomes.

GDPR Controls Mapping

Ksana Health’s privacy controls were mapped to the European Union’s General Data Protection Regulation and were approved as meeting this standard.


Our Commitment to Security and Privacy

As part of our ongoing commitment to providing a best-in-class cloud network service, we take security and privacy seriously. Ksana Health was able to implement the required SOC 2 guidelines in an extremely short time frame due to the company’s advanced IT infrastructure and the modern architecture used in our EARS and Vira platforms.

“Ksana Health is proud to meet the highest standards with our approach to security and privacy, which is critical so that we can be a trusted partner for our customers,” said Dr. Nick Allen, CEO & Co-Founder, of Ksana Health. “Our clients need comprehensive assurances including confidence in the security, availability, processing integrity, confidentiality, and privacy of their data and the way they are stored and managed.”

Ksana Health customers, prospects, and partners may receive a copy of the SOC 2 report upon request. For more information on Ksana Health and the Vira and EARS products, please visit www.ksanahealth.com/privacy-policy/ or email privacy@ksanahealth.com

Elizabeth Duncan

2 September 2022

Share on:

Recent Articles

Ksana Health 2022 Highlights (in Video)

For Ksana Health, 2022 was a year of perseverance, learning and optimization. We are grateful to all the partners, collaborators and supporters who made the year what it was. The video below...

Continue reading

Study Result: The TAG Study (McNeilly, 2023) further confirms link between teen mood and social media communications.

We are glad to share this recent publication of the Transitions in Adolescent Girls (TAG) Study (McNeilly, 2023), a longitudinal study examining the extent to which daily mood is associated with digital...

Continue reading

The Health Economics Case for Continuous Behavioral Health Measurement

Like any new health technology, continuous behavioral health measurement (CBHM) must economically justify its place among the growing options for measuring therapy and care outcomes. At Ksana Health, we think a lot...

Continue reading