When processing sensitive insurance documents, security isn't negotiable. Your customers trust you with their data—and you need partners who take that responsibility as seriously as you do.
Our Security Overview provides transparent details on how SortSpoke protects your data with SOC 2 Type 2 certification, HIPAA compliance, and enterprise-grade security infrastructure built specifically for insurance.
What you'll learn:
Download the full Security Overview to dive deeper:
.png?width=283&height=366&name=SortSpoke%20Security%20Overview%20Cover%20(1).png)
Download our Security Overview to see how SortSpoke protects your data. Get the details on our SOC 2 Type 2 and HIPAA compliance, encryption standards, and enterprise-grade security infrastructure.
By clicking Download Now you're confirming that you agree with our Privacy Policy.
Your data security is our priority—here are answers to common questions about how we protect your sensitive information.
.png?width=1080&height=1090&name=%235%20-%20SortSpoke%20(1).png)
SOC 2 focuses on security, availability, and confidentiality for any type of sensitive data. It's verified through independent audits over 6-12 months.
HIPAA is specific to healthcare data (protected health information/PHI) and is required for health insurance carriers processing medical records, diagnoses, and health information.
SortSpoke maintains both certifications. Learn more about our SOC 2 Type 2 certification and HIPAA compliance.
Generally no—HIPAA applies primarily to health insurance carriers, health plans, and companies processing protected health information (PHI). However, workers' compensation claims often involve medical records, which may trigger HIPAA requirements.
If you process any health insurance submissions, life insurance applications with medical records, or workers' comp claims with diagnoses and treatment information, HIPAA compliance is critical.
Learn more: Why HIPAA Compliance Matters for Insurance Carriers
Yes. We provide our SOC 2 Type 2 audit report to partners and customers under NDA during the procurement process. The report includes detailed information about our security controls, audit findings, and how we address the Trust Service Criteria.
Contact us to request a copy, or learn more about what's in our SOC 2 certification.
Documents are handled according to your specified retention requirements, and you maintain complete ownership at all times. You can export or delete your information whenever needed. All document access and modifications are logged in our audit trails.
For health insurance carriers, we follow HIPAA data destruction protocols and include these requirements in our Business Associate Agreements.
Our human-in-the-loop AI keeps underwriters involved in the validation process, making every extraction decision traceable and auditable. Unlike black-box AI systems, SortSpoke maintains:
SortSpoke works within your existing security perimeter, reducing implementation risks while maintaining compliance.
We've published detailed pages about our certifications and security practices:
Educational Resources:
You can also download our Security Overview or contact our security team with specific questions.
SOC 2 Type 2: We undergo annual audits with continuous monitoring between cycles. Our certification covers a 6-12 month audit period, demonstrating ongoing compliance—not just a point-in-time snapshot.
HIPAA: We maintain continuous compliance through regular risk assessments, policy updates, and workforce training. Our controls are reviewed annually as part of our security program.
When regulatory requirements change or new threats emerge, we update our controls immediately—audits simply confirm these practices are working as intended.
Yes. SortSpoke offers flexible data residency options through AWS infrastructure. We can host your data in your desired region to ensure it remains within a specific country for regulatory compliance.
Common regions include:
Our infrastructure includes:
Contact us to discuss your data residency requirements.
