Compliance


BAA
As a HIPAA-compliant service, Slingshot offers a Business Associate Agreement (BAA) to all customers.SOC 2 Type 2
Slingshot has received its SOC 2 Type 2 certification in partnership with Prescient Assurance. For Slingshot’s specific report please contact sales@slingshotbills.com.Authentication
Authenication is handled via API keys. API keys are generated on a per organization basis and can be revoked at any time. API keys are passed in theAuthorization: Bearer SLINGSHOT_KEY
header of all requests. Slingshot can also support firewalls and IP whitelisting as an additional layer of security.
Security Practices
For a full list of security practices please contact sales@slingshotbills.com. Some of our practices include:- All data is encrypted at rest and in transit. We support TLS 1.2 and encrypt all data with AES-256.
- Security review of all medium risk or greater vendors.
- Acquire BAA and ensure HIPAA compliance on all vendors that handle PHI.
- Monitor all security policies and procedures.
- Perform annual risk assessments.
- Perform regular vulnerability scans.
- Require regular security training and background checks for all employees.
- Much more…