Security and Compliance, Stated Honestly
Sending PHI offshore demands real safeguards and real honesty. We lead with what is true today — HIPAA-aware workflows, access control, BAA-ready engagement, ISO certification — and we are transparent about what is still in progress.
How does Salt HealthOps handle security and compliance?
Salt HealthOps operates HIPAA-aware workflows with access control, confidentiality training, and audit-friendly processes, and engages under a Business Associate Agreement (BAA). Salt Technologies is ISO certified, with SOC 2 in progress. We are deliberately honest: we do not claim certifications we do not yet hold.
What is true today
HIPAA-aware workflows
Processes designed around PHI handling and minimum necessary access.
BAA-ready engagement
We engage under a Business Associate Agreement.
Access control
Least-privilege access and controlled credentials.
Audit-friendly operations
Documented SOPs and traceable actions.
ISO certified
Salt Technologies maintains ISO certification.
Confidentiality training
Staff trained on PHI handling and confidentiality.
What is in progress
We believe the honest answer builds more trust than an inflated one. SOC 2 is in progress and not yet complete. We will not describe Salt HealthOps as SOC 2 certified or fully HIPAA compliant until that is verified. We are happy to discuss our current posture, roadmap, and what we can put in writing for your security review.
- SOC 2: in progress, not yet certified
- We do not claim 'fully HIPAA compliant' as a marketing label
- We will share current controls and our roadmap on request
How we protect your operation
- 01 BAA & scope: Sign a BAA and define data scope before work begins.
- 02 Access setup: Least-privilege access inside your systems.
- 03 SOPs & training: Documented workflows and confidentiality training.
- 04 QA & oversight: Sample audits and US-based accountability.
- 05 Reporting: Transparent reporting and traceable actions.
You stay in control
- You keep your systems and your data access
- We work inside your environment, not a vendor black box
- A US-based point of contact owns accountability
- Defined escalation path for issues
- Backed by Salt Technologies' delivery and security discipline
Frequently asked questions
Are you HIPAA compliant?
We operate HIPAA-aware workflows and engage under a BAA, with access control, training, and audit-friendly processes. We avoid the blanket label 'fully HIPAA compliant' because HIPAA compliance is a shared, ongoing responsibility, not a one-time badge. We are glad to walk through our specific controls.
Do you have SOC 2?
SOC 2 is in progress and not yet complete. We will not claim SOC 2 certification until it is verified. We can share our current security posture and roadmap for your review.
Will you sign a BAA?
Yes. We engage under a Business Associate Agreement and define data scope and access before work begins.
Where is our data stored and accessed?
You keep ownership of your systems and data. Our specialists work inside your environment using least-privilege access configured during onboarding, rather than moving your data into a separate vendor system.
Bring us your security requirements
We will walk through our current controls honestly and tell you what we can support for your security review.