causaLens, the UK-based Causal AI pioneer, has achieved an enhanced level of HIPAA compliance for high levels of data security, following an independent audit for a SOC 2 Type 2 Report.
In November 2022, causaLens was awarded a clean SOC 2 Type 1 Report, effectively a snapshot of an organization’s data security controls. Developed by the American Institute of Chartered Professional Accountants (AICPA) and designed for service providers storing customer data in the cloud, SOC 2 defines criteria for managing customer data securely and in a manner that protects the organisation as well as the privacy of its customers. causaLens’ Type 1 Report affirmed that the company’s information security practices, policies, procedures and operations met the rigorous SOC 2 Trust Service Criteria for security, availability, processing integrity, confidentiality and privacy.
The Type 2 Report, again conducted by US-based CPA firm Barr Associates, assessed the operating effectiveness of controls over time. The auditor’s opinion stated that during the period 1 September to 30 November 2022, controls tested in respect of the causaLens Platform operated effectively to provide reasonable assurance that the company’s service commitments and system requirements were achieved based on the applicable trust services criteria and HIPAA Security Rule requirements.
HIPAA, the American Health Insurance Portability and Accountability Act, requires high levels of compliance for data handlers in relation to privacy, security, and breach notification. As healthcare providers and other entities dealing with protected health information move to cloud-based computerized operations, HIPAA compliance has become increasingly important for businesses working with sensitive data on behalf of healthcare organizations.
Commenting on the Type 2 Report, Ronald Hobbs, VP of Engineering at causaLens said:
“This important second stage of SOC 2 auditing shows that causaLens is not only prepared to make commitments regarding data security, but that it is effective at implementing security and privacy around our services and customers’ data. We are very pleased to be recognized further for ‘walking the walk’ in HIPAA compliance.”
causaLens uses Drata’s automated platform to continuously monitor its internal security controls. These are measured against the highest possible standards giving the business real-time visibility across its whole organisation. Continuous monitoring ensures end-to-end security and enables a systematic approach to compliance and reporting.