Built for healthcare from day one. Security, compliance, and trust are woven into every layer of the Solum Health platform. We protect your data so you can focus on patient care.
Real-time operational status for all Solum Health services and infrastructure.
Our Trust Center provides complete visibility into compliance certifications, sub-processor lists, and data handling practices.
Review our SOC 2 report, HIPAA documentation, BAA templates, and penetration test summaries. Everything you need to evaluate our security posture, in one place.
From encryption protocols to access controls, every aspect of Solum Health is designed to meet the rigorous requirements of healthcare organizations.
Solum Health operates as a HIPAA Business Associate with a comprehensive compliance program. We implement administrative, physical, and technical safeguards designed to protect PHI across all systems. Regular risk assessments, workforce training, and policy reviews support ongoing compliance.
Our SOC 2 Type II report, issued by an independent auditor, validates that our security controls are not just designed properly but operate effectively over time. The audit covers security, availability, and confidentiality trust service criteria.
Independent third-party penetration tests are conducted on a regular cadence across our infrastructure and application layer. Automated vulnerability scanning runs continuously, and findings are triaged and remediated according to severity-based SLAs.
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. PHI is encrypted with dedicated keys managed through a FIPS 140-2 compliant key management service. Encryption keys are rotated automatically on a regular schedule.
Least-privilege principles govern all system access. Multi-factor authentication is required for every internal system. Access reviews are performed quarterly, and permissions are scoped to the minimum required for each role. All access events are logged.
Multi-region infrastructure with automated failover ensures your workflows never stop. Encrypted backups are taken daily, with point-in-time recovery. Disaster recovery plans are tested annually, and our architecture is designed for zero-downtime deployments.
Every data access event and system change is captured in immutable audit logs. Logs are retained for compliance, monitored with automated anomaly detection, and available for review. Suspicious activity triggers real-time alerts to our security team.
Business Associate Agreements are executed with every vendor and sub-processor that handles PHI. We maintain a transparent, up-to-date sub-processor list in our Trust Center so you always know who has access to your data.