Opkit takes security, privacy, and compliance extremely seriously. Here you will find an overview of the certifications, policies, procedures, and other mechanisms that Opkit has in place to safeguard customer data.


Opkit is HIPAA compliant and SOC 2 Type 2 certified. Copies of our HIPAA certification and SOC 2 Type 2 report are availabile upon request. We partner with Insight Assurance, a leading cybersecurity firm, to renew these certificatons annually.

Penetration Testing

In addition to facilitating Opkit’s HIPAA certification and SOC 2 Type 2 audits, Insight Assurance also performs frequent penetration tests against Opkit’s software systems and cloud environment to make sure they are secure from outside attackers.

Compliance Monitoring

In addition to maintaining compliance and security standards required by HIPAA and SOC 2 Type 2, Opkit uses Vanta to perform ongoing compliance monitoring.


In general, Opkit’s customers are entities that deal with medical data and other Protected Health Information (PHI), which is governed by the Health Insurance Portability and Accountability Act (HIPAA). For this reason, Opkit is obligated to execute a Business Associate Agreement with every customer.

Trust Center

For more information about Opkit’s security, privacy, and compliance posture, please refer to our Trust Center.