Trust and compliance

Last updated: Feb 9, 2024

We maintain a robust assurance program encompassing numerous platforms across industries. Our continuous monitoring program ensures we maintain our industry-leading secure framework as our customer base grows.


The HITRUST Cybersecurity Framework (CSF) evaluates against 19 domains of security covering a broad spectrum of administrative, physical, and technical controls. The HITRUST CSF encompasses all applicable HIPAA requirements as well as numerous best practices, structured in a maturity model to serve as a framework for higher levels of security.

Redox is HITRUST certified (see our HITRUST certificate) and attests at HITRUST’s Level 3, which is their highest standard.


System and Organization Controls (SOC) 2 is an industry-standard, technology service provider report verifying compliance and controls pertaining to security and availability. Type 2 indicates that this is a multi-month, over-time evaluation period for compliance.

Redox has maintained SOC 2 compliance since July 2017. Refer to our SOC 3 report for an overview of our SOC 2 controls.


General Data Protection and Regulation (GDPR) is a European Union (EU) law on data protection and privacy in the EU and European Economic Area. It is a cornerstone of EU privacy and human rights laws. Learn more about GDPR.

Redox is GDPR compliant. Refer to our privacy policy for details about our privacy procedures, including how to submit Data Subject Access Rights Requests (DSARs).


Learn more about the California Consumer Privacy Act of 2018 (CCPA), which gives consumers more control over the personal information that businesses collect about them. Also, read the CCPA regulations that provide guidance on how to implement the law. And don't forget about the California Privacy Rights Acts of 2020 (CRPA). Learn more about the CPRA amendment.

Redox adheres to all applicable regulations surrounding the CCPA and CPRA. See our CCPA disclosure.


Per the U.S. Department of Health & Human Services website, HIPAA standards are as follows:

To improve the efficiency and effectiveness of the healthcare system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic healthcare transactions and codesets, unique health identifiers, and security.

Read more about HIPAA.

Redox adheres to all applicable U.S. federal and state regulations, including HIPAA.

NIST Cybersecurity Framework

National Institute of Standards and Technology (NIST) Cybersecurity Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. It provides a common language that allows staff at all levels within an organization—and at all points in a supply chain—to develop a shared understanding of their cybersecurity risks.

Redox works to align with these standards.