Carrot completes SOC 2 Type II and HIPAA audits

August 11, 2020
|
Dan Cleary
Director, Engineering
Company news
arrow_back
Back to Blog

At Carrot, safety and security are critically important in everything we do. Our customers and members entrust us with their private information, and it’s our job to take every precaution we can to keep it safe and secure. That's why we're delighted to share that Carrot has completed our first SOC 2 Type II and HIPAA audits. As a fertility benefits provider, we consider these audits an essential step for us in demonstrating our security and operational integrity.

Carrot has fulfilled all requirements of SOC 2 and HIPAA, and the combined audit resulted in a clean opinion from the auditor. The audit was completed in June 2020 by Linford & Company LLP, an independent third-party auditor that specializes in SOC 2 and HIPAA. This report has been made available to current and prospective customers as of July 2020.

SOC 2 Type II compliance

SOC 2 is an industry standard compliance framework defined by the American Institute of Certified Public Accountants (AICPA), which outlines industry standard trust service principles that secure organizations must comply with to gain certification.

There are two types of SOC 2 reports: Type I and Type II. The Type I report validates that a company has required security policies and procedures in place at a point in time. While obtaining a Type I report is valuable as a baseline, Carrot has opted to undergo a Type II audit, which shows we have been practicing these secure policies and procedures for an extended period of six months. To ensure that we continue to uphold this standard, Carrot will undergo annual SOC 2 Type II audits going forward.

Please contact our team to learn more or to request a copy of our SOC 2 Type II report.

HIPAA compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. regulatory framework that outlines rules and safeguards for businesses that transmit or store Protected Health Data (PHI) of their users. The HIPAA audit we completed verifies that Carrot is following all HIPAA rules and safeguards. In addition, Carrot is able to sign a HIPAA Business Associate Agreement (BAA) for our customers upon request.

Please contact our team to request a copy of our HIPAA report and BAA.

Moving forward

This combined SOC 2 Type II and HIPAA audit is an important milestone for us at Carrot. We’re looking forward to continuing to achieve additional levels of security and regulatory compliance as we examine new ways to strengthen our security at Carrot in 2020 and beyond.

Want to learn more about security at Carrot? Schedule some time to talk with our team.

arrow_back
Back to Blog
Dan Cleary
Director, Engineering

Any general advice posted on our blog, website, or app is for informational purposes only and is not intended to replace or substitute for any medical advice, diagnosis, or treatment. Carrot Fertility makes no representations or warranties and expressly disclaims any and all liability concerning any treatment, action by, or effect on any person following the general information offered or provided within or through the blog, website, or app.

Other Related Blog Posts

Company news

A message from Tammy Sun, Founder and CEO

Read now
arrow_forward
Company news

Carrot Fertility appoints Erica Palsis as Chief Legal Officer

Erica Palsis, an experienced in-house legal counsel across a variety of healthcare companies, has joined Carrot Fertility as Chief Legal Officer.

Read now
arrow_forward
Company news

Carrot Fertility promotes Brooke Quinn to Chief Operating Officer

Read now
arrow_forward

The standard for inclusive, global fertility healthcare and family-forming support

Find out how our customizable fertility solutions do more for your people, groups, and organizations

Contact Carrot
Avery
Carrot member
Woman on phone
close icon
Person sitting with coffee
arrow_forward