Security
Security overview
As a an API specifically tailored for use with medical records and patient data, Slingshot prioritizes security and data privacy, employing rigorous standards to safeguard sensitive health information and maintain compliance with medical data protection regulations.
Compliance
Slingshot is compliant with the Health Insurance Portability and Accountability Act (HIPAA) and has its SOC2 Type 2 certification in partnership with Prescient Assurance.
BAA
As a HIPAA-compliant service, Slingshot offers a Business Associate Agreement (BAA) to all customers.
SOC 2 Type 2
Slingshot has received its SOC 2 Type 2 certification in partnership with Prescient Assurance. For Slingshot’s specific report please contact sales@slingshotbills.com.
Authentication
Authenication is handled via API keys. API keys are generated on a per organization basis and can be revoked at any time. API keys are passed in the Authorization: Bearer SLINGSHOT_KEY
header of all requests. Slingshot can also support firewalls and IP whitelisting as an additional layer of security.
Security Practices
For a full list of security practices please contact sales@slingshotbills.com. Some of our practices include:
- All data is encrypted at rest and in transit. We support TLS 1.2 and encrypt all data with AES-256.
- Security review of all medium risk or greater vendors.
- Acquire BAA and ensure HIPAA compliance on all vendors that handle PHI.
- Monitor all security policies and procedures.
- Perform annual risk assessments.
- Perform regular vulnerability scans.
- Require regular security training and background checks for all employees.
- Much more…
Security Issues
If you have found a security issue please email security@slingshotbills.com. We will respond as soon as possible and work with you to resolve the issue quickly.