End-to-end security

Your data, protected by the industry’s gold standard

Our interoperability platform keeps patient information safe with 100% cloud hosting, HITRUST® r2 certification,* and third-party audits

Our certifications

HITRUST r2 assesstment seal

Redox has earned the Health Information Trust Alliance (HITRUST®) r2, Level 3 certification*—the highest level achievable. Our certification, which recognizes the maturity and complexity of our security program, is validated by a third-party auditor.


The Service Organization Control (SOC) 2 standard indicates that Redox has established the compliance and controls for information security, availability, privacy, and other metrics. Type 2 indicates a compliance and evaluation period over multiple months.

Our regulatory compliance

GDPR Compliant
CCPA Compliant
HIPAA Compliant

Safe data connections you can trust

The Redox interoperability platform is 100% hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP), with which we have business associate agreements (BAAs). Additional security measures for data connections include:

  • Encrypted backups maintained with redundancy
  • No traffic interruptions during code changes 
  • Failover activation for outages

Application security you can count on

To protect your data, Redox exceeds industry, HIPAA-compliant, and National Institute of Standards and Technology (NIST) recommended encryption standards.

Connection safeguards

  • End-to-end encryption to secure data transmitted over HTTPS connections
  • Private subnet hosting for the Redox database and app containers (making them inaccessible from the outside Internet)
  • Automatic security updates for endpoints, with forced HTTPS at the endpoint layer

Authentication methods

  • Authorization via a variety of protocols, including 0Auth. For more details, see our docs on access management and data-in-transit encryption.
  • Sensitive credentials stored as salted and hashed values
  • A robust Zero Trust strategy built on CISA recommendations
  • Two-factor authentication for all Redox dashboard users and Redox customer support employees

Bug bounty program

  • A public program managed by HackerOne
  • Anyone can register to test the security of the Redox platform or to report any security concerns/issues
  • 400 active researchers in 2023

Customer monitoring and resolution

  • 24/7 monitoring via dark web and other intel sources for compromised customer dashboard and corporate accounts
  • Compromised account alerts and Redox-assisted resolution

Want to learn more about Redox’s security measures or technology?

SOC 2® is an international registered trademark of the AICPA.

*Applies to all Redox data transactions that are AWS-hosted