We have put together all the information you need to answer your questions about SOC Reporting, including what they are, what they do, and what it takes to get them done. We also help you figure out where to start when choosing a partner to help issue your report.


What It Is
An audit process and certified report built on a framework of controls specified by the Health Insurance Portability and Accountability Act (HIPAA). The report renders an opinion on whether an organization meets HIPAA’s specified criteria related to how they create, access, store or exchange personal health and financial information. HITRUST reports can be prepared only by independent auditors that are certified members of the Health Information Trust Alliance (HITRUST), and all HITRUST reports are certified and issued by HITRUST.

Who Might Need One

Organizations using protected healthcare information including:

  • Software-as-a-Service Companies
  • Third-party Administrators