Carrot completes SOC 2 Type II and HIPAA audits

By
Dan Cleary, Information Security Officer
August 12, 2020

At Carrot, safety and security are critically important in everything we do. Our customers and members entrust us with their private information, and it’s our job to take every precaution we can to keep it safe and secure. That's why we're delighted to share that Carrot has completed our first SOC 2 Type II and HIPAA audits. As a fertility benefits provider, we consider these audits an essential step for us in demonstrating our security and operational integrity.

Carrot has fulfilled all requirements of SOC 2 and HIPAA, and the combined audit resulted in a clean opinion from the auditor. The audit was completed in June 2020 by Linford & Company LLP, an independent third-party auditor that specializes in SOC 2 and HIPAA. This report has been made available to current and prospective customers as of July 2020.

SOC 2 Type II compliance

SOC 2 is an industry-standard compliance framework defined by the American Institute of Certified Public Accountants (AICPA), which outlines industry-standard trust service principles that secure organizations must comply with to gain certification.

There are two types of SOC 2 reports: Type I and Type II. The Type I report validates that a company has required security policies and procedures in place at a point in time. While obtaining a Type I report is valuable as a baseline, Carrot has opted to undergo a Type II audit, which shows we have been practicing these secure policies and procedures for an extended period of six months. To ensure that we continue to uphold this standard, Carrot will undergo annual SOC 2 Type II audits going forward.

Please contact our team to learn more or to request a copy of our SOC 2 Type II report.

HIPAA compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. regulatory framework that outlines rules and safeguards for businesses that transmit or store Protected Health Information (PHI) of their users. The HIPAA audit we completed verifies that Carrot is following all HIPAA rules and safeguards. In addition, Carrot is able to sign a HIPAA Business Associate Agreement (BAA) for our customers upon request.

Please contact our team to request a copy of our HIPAA report and BAA.

Moving forward

This combined SOC 2 Type II and HIPAA audit is an important milestone for us at Carrot. We’re looking forward to continuing to achieve additional levels of security and regulatory compliance as we examine new ways to strengthen our security at Carrot in 2020 and beyond.

Want to learn more about security at Carrot? Schedule some time to talk with our team.
