For ClosedLoop, ensuring the highest degree of information security and privacy is paramount. As healthcare’s data science platform, ClosedLoop routinely handles protected health information (PHI) and is committed to the confidentiality, integrity, and availability of all information that is collected, created, stored, used, and maintained. 

ClosedLoop’s data science platform is HIPAA compliant, HITRUST certified, and maintains compliance with other industry-recognized security frameworks and privacy regulations. Information security management policies, programs, and controls are frequently reviewed through recurring internal and external audits to validate their continued effectiveness.


ClosedLoop’s customers can count on best-in-class information security and comprehensive regulatory compliance as they shape the future of healthcare.

HITRUST Certified

The ClosedLoop Platform, its underlying production components hosted in Amazon Web Services, and supporting infrastructure are HITRUST CSF® v9.3 certified. This certification verifies ClosedLoop’s compliance with the most rigorous security standards and commitment to health data protection. 


HITRUST CSF is a framework that leverages nationally and internationally accepted security and privacy-related regulations and standards – including ISO, NIST, PCI, HIPAA, and COBIT – to ensure a comprehensive set of security and privacy controls. It continually incorporates additional authoritative sources and standardizes requirements, providing clarity and regulatory consistency.


HIPAA Compliant Storage

HIPAA compliance

ClosedLoop adheres to the Health Insurance Portability and Accountability Act (HIPAA) and provides customers with HIPAA compliant storage. ClosedLoop enters into business associate agreements (BAAs) with all relevant partners and customers to ensure HIPAA requirements are satisfied and create liability between parties. Ensuring that PHI is safeguarded and private is of the utmost importance to ClosedLoop. 


HIPAA sets the standard for patient data, and entities dealing with PHI must be HIPAA compliant. The HIPAA Privacy and Security Rules are composed of national regulations for the use, disclosure, and protection of PHI. These rules establish specific security safeguards for compliance, categorized as administrative, physical, and technical requirements.


AICPA SOC 2 Type 1 Certified

AICPA SOC logo

ClosedLoop is SOC 2 certified. SOC 2 assessment was conducted through an independent technical examination performed by a third party. This examination was completed in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA), and the resulting SOC 2 Type 1 certification verifies that ClosedLoop maintains robust controls and follows industry best practices. ClosedLoop completes an annual SOC 2 examination and is committed to data protection and confidentiality.


System and Organization Controls (SOC) are criteria that govern a wide range of controls. SOC 2 certification confers assurance about the controls relevant to AICPA’s Trust Services Criteria. This criteria covers data security, availability, and processing integrity of the systems used to process users’ data and the confidentiality and privacy of the information processed. A type 1 report details an organization’s system and the suitability of their controls.