As an API specifically tailored for use with medical records and patient data, Slingshot prioritizes security and data privacy, employing rigorous standards to safeguard sensitive health information and maintain compliance with medical data protection regulations.
Compliance


BAA
As a HIPAA-compliant service, Slingshot offers a Business Associate Agreement (BAA) to all customers.
SOC 2 Type 2
Slingshot has received its SOC 2 Type 2 certification in partnership with Prescient Assurance. For Slingshot’s specific report, please contact sales@slingshotbills.com.
Authentication
Authentication is handled via API keys. API keys are generated on a per-organization basis and can be revoked at any time. API keys are passed in the Authorization: Bearer SLINGSHOT_KEY header of all requests. Slingshot can also support firewalls and IP whitelisting as an additional layer of security.
Security Practices
For a full list of security practices, please contact sales@slingshotbills.com. Some of our practices include:
- All data is encrypted at rest and in transit. We support TLS 1.2 and encrypt all data with AES-256.
- Security review of all medium risk or greater vendors.
- Acquire BAA and ensure HIPAA compliance on all vendors that handle PHI.
- Monitor all security policies and procedures.
- Perform annual risk assessments.
- Perform regular vulnerability scans.
- Require regular security training and background checks for all employees.
- Much more…

