At Sohar, we understand that trust is the foundation of every successful partnership. As a health tech company working with sensitive patient information, we take our responsibility to safeguard your data seriously. Our platform handles Protected Health Information (PHI) and Personally Identifiable Information (PII), delivering eligibility and benefits information while ensuring your data is handled with the highest levels of security and compliance. We want to share how we approach information security, data privacy, and regulatory compliance—key pillars that enable us to serve you with confidence and transparency.
“Compliance isn’t just a checkbox for us—it’s a core part of how we operate.”
- Lucas Gordon, Co-Founder and CTO, Sohar
Information Security: Robust, Layered, and Always Evolving
Keeping your data secure is our top priority. We’ve implemented a multi-layered security framework to protect your data at every stage—from transmission to storage. Here are some key elements of our approach:
- Advanced Encryption: We use industry-standard encryption (TLS 1.2+ and AES-256) to secure data in transit and at rest, ensuring that sensitive information remains protected against unauthorized access.
- Access Controls: We follow strict role-based access controls (RBAC) to limit data access to authorized personnel only. Regular audits and monitoring ensure adherence to our policies.
- Threat Monitoring: Our systems are continuously monitored for potential threats, leveraging AWS’s advanced security services like GuardDuty and AWS WAF to detect and mitigate risks in real time.
- Incident Response: In the rare event of a security incident, our team is prepared with a well-documented and regularly tested incident response plan to address issues swiftly and effectively.
Our commitment to security extends beyond technology; it’s a mindset embedded in our culture, with regular training to keep our team vigilant and informed.
Data Privacy: Protecting What Matters Most
We recognize the critical importance of safeguarding the privacy of patient and provider data. Our practices are designed to go beyond compliance, ensuring we handle your data with the utmost care and respect.
- Minimal Data Collection: We only collect and process the data necessary to deliver our services. This “least privilege” approach minimizes exposure and reduces risk.
- Data Anonymization: Wherever possible, we anonymize data to further protect individual identities, particularly in analytics and reporting.
- Secure APIs: Our APIs are designed with privacy in mind, employing authentication mechanisms to ensure only authorized requests are processed.
- Customer Transparency: We maintain clear and open communication with our customers about how their data is used, stored, and protected, empowering you with the information you need to make informed decisions.
By putting data privacy at the forefront, we aim to build lasting trust and confidence in our partnership with you.
Compliance: Meeting and Exceeding Standards
Compliance isn’t just a checkbox for us—it’s a core part of how we operate. We adhere to stringent industry regulations to ensure your data is handled according to the highest standards.
- SOC 2 Certification: Our SOC 2 certification demonstrates our commitment to maintaining strong internal controls, with regular audits to validate our systems’ security, availability, and confidentiality.
- HIPAA Compliance: As a health tech provider, HIPAA compliance is non-negotiable. From secure data storage to privacy safeguards, our processes are aligned with HIPAA’s requirements to protect PHI.
- AWS Best Practices: We leverage AWS’s secure and compliant infrastructure, following best practices to meet regulatory requirements across all stages of data handling.
- Continuous Improvement: Regulations and threats evolve, and so do we. Our compliance team works tirelessly to stay ahead, ensuring that our systems and processes remain aligned with the latest standards.
By meeting and exceeding compliance requirements, we’re not just protecting your data—we’re protecting your reputation and the trust you’ve built with your patients.
If you have any additional questions about Sohar’s information security, data privacy, or compliance policies, please reach out so we can address them.