Security & Compliance

Inbox Health Certifications and Third-Party Attestations

We’re committed to the highest security and compliance standards in healthcare. Inbox Health engages external certifying bodies to ensure the policies, processes, and controls established and operated by Inbox Health meet or exceed applicable regulatory requirements and industry best practices.

HIPAA Compliant

Inbox Health is compliant with the U.S. Health Insurance Portability and Accountability Act (HIPAA), providing a secure environment to process, maintain, and store protected health information.

PCI Compliant

Inbox Health regularly performs self-assessments under the Payment Card Industry (PCI) Data Security Standard (DSS) for the handling of credit card information.


SOC 2 is a Service Organization Control (SOC) audit on how a cloud-based service provider handles sensitive information. It covers both the suitability of a company’s controls and their operating effectiveness.

Trust Service Principles

For cloud and data storage companies, having an independent assessment of their security safeguards is a cornerstone of trust, covering five total trust service principles (TSPs): security, availability, processing integrity, confidentiality, and privacy. As part of the assessment, a cloud-based vendor hosts independent inspectors, provides them with documentation of controls, and allows their systems to be sampled and tested.


Inbox Health is compliant with National Institute of Standards and Technology (NIST) Publication 800-53 Rev 3 (Recommended Security Controls for Federal Information Systems).

Two-Factor Authentication

Inbox Health offers Two-Factor Authentication to enhance your account’s security and reduce the risk of unauthorized access, data breaches, and identity theft.
