OnceHub complies with the stringent security and privacy policies required in the healthcare sector. We work with expert consultants to implement the policies and processes required to protect your data and satisfy HIPAA and the HITECH Act. All electronic protected health information (ePHI) collected, stored, and distributed by OnceHub products is encrypted both at rest and in transit, ensuring the highest level of security. Companies that require HIPAA compliance can contact us to sign our Business Associate Agreement.
SOC 2 Certified
OnceHub was audited for SOC 2 Type 2 compliance by Ernst & Young, one of the Big Four CPA firms. The report outlines how our controls and processes uphold the Trust Service Principles of security, confidentiality, privacy, and availability. Auditing of this report was conducted over a one-year monitoring period for both suitability and effectiveness. The 2017 calendar year SOC 2 report can be provided upon request.
Compliance with the GDPR
OnceHub is committed to compliance with the General Data Protection Regulation (GDPR). The European Union’s new data protection law unifies different privacy legislation across EU member states. The purpose of this new framework is to strengthen the privacy rights of individuals with regard to how their personal data is collected, processed, and used. We stand by the GDPR’s key principles, including data protection by design, data protection by default, fairness, transparency, and breach notification. Additionally, we provide our users with all the tools necessary to ensure they can use all OnceHub products in a GDPR-compliant manner. Learn more about OnceHub’s compliance with the GDPR.
OnceHub complies with the Payment Card Industry Data Security Standards. Our payment systems have been developed to ensure maximum security and PCI compliance. All electronic payment card information collected, stored, and distributed by OnceHub is encrypted both at rest and in transit, ensuring the highest level of security. We regularly audit our processes and work with expert consultants to ensure our policies are up to date with the latest requirements.
OnceHub provides educators and other members of the education community with all the tools necessary to maintain compliance with the Family Educational Rights and Privacy Act (FERPA). We have multiple checks in place to ensure that only authorized users have access to data. As the data controller, educational organizations have the ability to export, correct, and share their OnceHub data as they see fit.
Compliance is an ongoing process, and we are continuously adding to the list of frameworks and certification bodies we work with. If you are interested in an industry-specific certification, please contact us to find out if it’s on our compliance roadmap.