Marlena Sarunac

Particle Health is SOC 2 Compliant

September 23, 2021

Today, we announced your data is officially safe with us.

We have undergone a System and Organization Controls (SOC) 2℠ examination, resulting in an official CPA’s report stating that we have maintained effective controls over the security, availability, processing integrity, confidentiality, and privacy of our API platform. The engagement was performed by BARR Advisory, P.A., and we were assisted by Vanta throughout this process.


What is SOC 2?

A SOC 2℠ report is designed to meet the needs of existing or potential customers who need assurance about the effectiveness of controls used by the service organization to process customers’ information. This ensures that our API platform, which provides digital healthcare providers with access to more than 270 million patient electronic health records (EHRs), is operating with industry-leading data security standards.


“We’re proud to announce that our SOC 2℠ report has verified that we have the appropriate controls in place to mitigate risks related to security, along with HIPAA Security Rule requirements. Companies that partner with us to access electronic health records (EHRs) using our universal API can rest assured that we’ve passed stringent data security standards to mitigate all operating risks.” -- Dan Horbatt, Co-Founder & CTO of Particle Health


The following principles and related criteria have been developed by the American Institute of CPAs (AICPA) for use by practitioners in the performance of trust services engagements: 


  • Security: The system is protected against unauthorized access (both physical and logical). 
  • Availability: The system is available for operation and use as committed or agreed. 
  • Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives. 
  • Confidentiality: Information designated as confidential is protected as committed or agreed. 
  • Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives. 
  • HIPAA Security Rule Requirements: The system is compliant with the applicable HIPAA Security Rule requirements set forth in the U.S. Department of Health and Human Services’ (HHS) Health Information Portability and Accountability Act. 


Current and prospective customers interested in a copy of our SOC 2℠ report may contact Machi Davis, Senior Director of Operations at Particle Health.

ABOUT BARR Advisory

BARR Advisory is a cloud-based security and compliance solutions provider, specializing in cybersecurity consulting and compliance for Software as a Service (SaaS) companies. A trusted advisor to some of the fastest-growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government. 



ABOUT Vanta

Vanta automates security monitoring and advises companies seeking SOC 2, HIPAA, or ISO 27001 compliance, guiding them through a process tailored to automate security monitoring.