As a an API specifically tailored for use with medical records and patient data, Slingshot prioritizes security and data privacy, employing rigorous standards to safeguard sensitive health information and maintain compliance with medical data protection regulations.


Hipaa Compliance BadgeSOC2 Type 2 Badge

Slingshot is compliant with the Health Insurance Portability and Accountability Act (HIPAA) and has its SOC2 Type 2 certification in partnership with Prescient Assurance.


As a HIPAA-compliant service, Slingshot offers a Business Associate Agreement (BAA) to all customers.

SOC 2 Type 2

Slingshot has received its SOC 2 Type 2 certification in partnership with Prescient Assurance. For Slingshot’s specific report please contact


Authenication is handled via API keys. API keys are generated on a per organization basis and can be revoked at any time. API keys are passed in the Authorization: Bearer SLINGSHOT_KEY header of all requests. Slingshot can also support firewalls and IP whitelisting as an additional layer of security.

Security Practices

For a full list of security practices please contact Some of our practices include:

  • All data is encrypted at rest and in transit. We support TLS 1.2 and encrypt all data with AES-256.
  • Security review of all medium risk or greater vendors.
  • Acquire BAA and ensure HIPAA compliance on all vendors that handle PHI.
  • Monitor all security policies and procedures.
  • Perform annual risk assessments.
  • Perform regular vulnerability scans.
  • Require regular security training and background checks for all employees.
  • Much more…

Security Issues

If you have found a security issue please email We will respond as soon as possible and work with you to resolve the issue quickly.