Security & Compliance
Health Bank One is a platform owned and operated by AllClear ID Health, Inc. At AllClear ID Health, we are deeply committed to safeguarding our customers and their data. As a trusted provider of digital banking services, we protect your data with banking-grade technology including high-security Health Bank IDs that ensure only you can access your account. Our Health Bank One solution is compliant with System and Organization Controls (SOC) 2 and aligns with the principles set forth in ISO/IEC 27001:2013 and HHS HIPAA regulatory standards to ensure maximum protection.
SOC 2 Type II
AllClear ID Health, Inc. maintains a continuous program to implement and certify the AICPA Service Organization Control (SOC) 2 compliance framework. This certification confirms that our information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
The unqualified opinion we received underscores our commitment to managing customer data with the highest standards of security and compliance.
Customers and prospects can request access to our Audit Report here.
HIPAA Security Statement
At AllClear ID Health, we may serve organizations classified as Covered Entities under HIPAA. We have conducted an extensive review of our administrative, technical, and physical safeguards to ensure e-PHI is thoroughly protected. Our efforts focus on:
Ensuring the confidentiality, integrity, and availability of all e-PHI
Guarding against reasonably anticipated impermissible uses or disclosures
Protecting against reasonably anticipated threats to the security or integrity of the information
Ensuring workforce compliance with HIPAA regulations
Third-Party Vendor and Subprocessor Evaluation
Before engaging any third party or subprocessor, AllClear ID Health conducts thorough diligence to evaluate their privacy, security, and confidentiality practices. We formalize these relationships through agreements that stipulate our stringent security obligations. Subprocessors may change over time. To obtain a complete list of subprocessors, customers and prospects can request access here.
Risk Assessment
At AllClear ID Health, we conduct annual risk assessments to evaluate the likelihood and impact of potential risks. This process ensures our controls meet our organizational needs and safeguard entrusted data effectively.
Technical Safeguards
Our technical safeguards include robust authentication and authorization mechanisms for employees and application users. Data transmissions to our data centers are encrypted to ensure data integrity and confidentiality. We continuously update and implement additional systems as needed to maintain the highest level of security for our hosted applications.
Implemented Security Controls
AllClear ID Health has implemented the necessary controls to ensure HIPAA compliance, including administrative and technical controls.
Administrative Safeguards
We've established a comprehensive security management process, including standard operating procedures and relevant policies. A designated security manager oversees these procedures, and our staff undergoes annual training on HIPAA and security updates. We conduct regular internal reviews to maintain compliance and drive continual improvement.