Your data, protected by the industry’s gold standard
Our interoperability platform keeps patient information safe with 100% cloud hosting, HITRUST® certifications, and third-party audits
Our certifications
For all our cloud environments, Redox maintains Health Information Trust Alliance (HITRUST®) certification.
For Redox transactions on AWS, we have earned the HITRUST r2 certification, the highest standard achievable, validated by a third-party auditor. Redox transactions on GCP have earned HITRUST i1 certification for our leading security practices.
Redox maintains a SOC 2® Type 2 report. The Service Organization Control (SOC) 2 standard establishes the compliance and controls for information security, availability, privacy, and other metrics. Type 2 indicates a compliance and evaluation period over multiple months.
Our regulatory compliance
Safe data connections you can trust
The Redox interoperability platform is 100% hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP), with which we have business associate agreements (BAAs). Additional security measures for data connections include:
Encrypted backups maintained with redundancy
No traffic interruptions during code changes
Failover activation for outages
Extensive third-party security program
Advanced defense-in-depth strategy and execution
Let's shut the backdoor for good.
Application security you can count on
To protect your data, Redox exceeds industry, HIPAA-compliant, and National Institute of Standards and Technology (NIST) recommended encryption standards.
Connection safeguards
End-to-end encryption to secure data transmitted over HTTPS connections
Private subnet hosting for the Redox database and app containers (making them inaccessible from the outside Internet)
Automatic security updates for endpoints, with forced HTTPS at the endpoint layer
Authentication methods
Authorization via a variety of protocols, including 0Auth. For more details, see our docs on access management and data-in-transit encryption.
Sensitive credentials stored as salted and hashed values
A robust Zero Trust strategy built on CISA recommendations
Two-factor authentication for all Redox dashboard users and Redox customer support employees
Bug bounty program
A public program managed by HackerOne
Anyone can register to test the security of the Redox platform or to report any security concerns/issues
More than 500 researchers in the past 12 months
Customer monitoring and resolution
24/7 monitoring via dark web and other intel sources for compromised customer dashboard and corporate accounts
Compromised account alerts and Redox-assisted resolution
Want to learn more about Redox’s security measures or technology?
HITRUST® is a registered trademark of HITRUST Services Corp.
SOC 2® is an international registered trademark of the AICPA.