• August 19, 2021
  • 2 min read

Announcing HIPAA and SOC 2 compliance

Evervault is building encryption infrastructure for developers. Our mission is to encrypt the web. Our goal is to end data breaches.

Security will always be our number one priority. While being compliant is not the same as being secure, we know that being certified to the highest compliance standards is an important way to give developers and customers assurance that they can build business-critical applications on Evervault.

Today, we’re excited to announce that Evervault has achieved compliance with HIPAA and SOC 2 Type II.


Under HIPAA, Evervault is a business associate for covered entities, including hospitals, medical services providers, research facilities, healthcare startups, and insurance companies that deal directly with ePHI.

Covered entities can use Evervault to encrypt and process electronic protected health information (ePHI), like insurance and billing information, diagnosis data, clinical care data, and lab & test results.

We fully support our customers’ efforts to maintain HIPAA. Customers looking to maintain HIPAA — like Vital — can enter into a Business Associate Agreement (BAA) with Evervault.

Contact our sales team to enter a BAA with Evervault.

SOC 2 Type II

Evervault’s System and Organization Controls 2 (SOC 2) Report is an independent third-party examination report that demonstrates how Evervault has established and follows strict information security policies and procedures.

The purpose of a SOC 2 Report is to provide customers — like Manna — with an independent assessment of Evervault’s information security control environment.

Evervault maintains SOC 2 Type II compliance relevant to system / customer data security, availability, and confidentiality.

SOC 2 Type II examines the continued effectiveness of our control environment throughout an annual period. We are currently in our second audit period, ending 31 December 2021.

Contact our sales team for our SOC 2 Type II report.

Developers and businesses that need to secure ePHI under HIPAA, or any other sensitive data can start encrypting now.

Related Posts