Key Points: 

  • The SOC 2 Type II Audit is one of the world’s most highly recognized standards for information security compliance.
  • The American Institute of CPAs (AICPA) developed this standard to allow a third-party auditor to validate a company’s internal controls for information security.
  • We partnered with the Johanson Group, which has independently confirmed Hello Heart’s SOC 2 compliance – and our rigorous commitment to information security – in a new Auditor’s Report.

In our modern era of cyberattacks and data theft, companies – especially digital health companies that handle protected health information – have an obligation to excellence in information security. 

To ensure we’re up to the highest industry standards, Hello Heart recently partnered with the Johanson Group, who reviewed our internal controls including policies, procedures, and infrastructure regarding data security, firewall configurations, change management, logical access, backup management, business continuity and disaster recovery, security incident response, and other critical areas of our business.

Thanks to a company-wide effort here at Hello Heart, and with the help of our trusted partner Johanson Group, we successfully achieved SOC 2 compliance and received an Auditor’s Report, which we are happy to share to demonstrate that our policies, procedures, and infrastructure meet or exceed the SOC 2 criteria. 

In fact, by partnering with Johanson Group, we can confidently say we go above and beyond the minimum requirements for SOC 2 by integrating our critical infrastructure to monitor compliance with the SOC 2 framework 24/7/365, not just during the audit window.

We believe the relationship with our users and clients must be built on trust. The successful completion of our SOC 2 Report is one of many ways that we have planned to earn and retain that trust.

SOC 2 is just one aspect of our ever-growing security program. We are committed to continually improving our information security program and retaining an annual SOC 2 audit to ensure we keep supporting our customers’ needs.


If you have any questions or feedback on security and privacy at Hello Heart, please reach out to us at: security@helloheart.com.
