Home Product Solutions Security Pricing Resources About Contact Request a demo
Security

Claims data is sensitive. We handle it that way.

Security is not an add-on at Soro, it is how we operate. Six locks sit between your billing data and the world. Scroll through them.

Signed BAAs TLS in transit AES-256 at rest Every access logged
Follow your data
Lock 01 · HIPAA & BAAs

Every hand signs first

Soro operates under signed Business Associate Agreements with every vendor that touches health data. No agreement, no access. That rule has no exceptions.

The full program is documented on our HIPAA and security page.

The agreement comes before the integration, every time.

Lock 02 · Encryption

Encrypted in transit and at rest

Data moves over TLS and rests under AES-256, backups included. There is no unencrypted path in and no unencrypted copy inside.

TLS on every connection. AES-256 on every stored byte.

Lock 03 · Secure intake

One door in, straight to storage

Billing files upload through an encrypted channel that lands them directly in secured storage. They are never emailed and never handled as loose files.

One encrypted door in. No attachments, no loose copies.

Lock 04 · Access controls

Least privilege, fully logged

People see only what their work requires, behind individual authenticated logins. Every access to health data is logged: who, what, when.

Access is scoped to the job and every read is on the record.

Lock 05 · Infrastructure

An isolated home on HIPAA-eligible cloud

Client data lives on HIPAA-eligible cloud infrastructure, inside an isolated network environment. Nothing sits on laptops or portable media.

Isolated network. Nothing local, nothing portable.

Lock 06 · Monitoring

Watched around the clock

Logging and monitoring run continuously. Unusual access gets flagged and reviewed the moment it appears, not discovered later.

Unusual access is flagged the moment it appears.

The short version

Security by the numbers

0 bit AES encryption On every stored byte, backups included
0 of vendors under signed BAAs Before any health data moves
0 logging and monitoring No off hours, no blind spots
0 files outside secured storage Never emailed, never loose
Follow one file

What happens to a claim file at Soro

From the moment it leaves your system to the moment someone reads it, a file is never unprotected and never unaccounted for.

Upload

The file leaves your system through an encrypted link. Nothing travels by email.

In transit

TLS wraps it the whole way. No readable copy exists en route.

At rest

It lands in secured storage and rests under AES-256, isolated from the open internet.

On the record

Every open and every read is logged with a name and a time. Nothing happens quietly.

The rules we run on

Always and never

We always

  • Sign the agreement before any data moves
  • Encrypt every byte, in transit and at rest
  • Scope access to exactly what the job requires
  • Watch the logs around the clock

We never

  • Email claim files or handle them as loose attachments
  • Store client data on laptops or portable media
  • Give a vendor access before a BAA is signed
  • Let an access to health data go unlogged
Questions

Ask us directly

If your security or compliance team wants to go deeper, we are glad to walk through it. Reach us through the contact page and you will get a direct answer.