Paubox has earned r2 certified status by HITRUST for information security for another two years through 2027. The HITRUST r2 Certification demonstrates that the Paubox platform has met demanding regulatory compliance and industry-defined requirements.
What's happening: Since getting our first HITRUST certification in 2019, we've successfully achieved re-certification with no gaps in coverage. Our current HITRUST certification is valid until 2027.
Why it matters: The HITRUST certification is the gold standard for HIPAA compliance in U.S. healthcare. HITRUST combines multiple security standards (HIPAA, NIST, ISO) into a unified framework with 200+ controls and maturity ratings (1-5). On average, a SOC 2 audit can have between 45–60 controls, while HITRUST r2 has up to 250 controls.
What they're saying:
"HITRUST certification is globally recognized as validation that information security and privacy controls are effective and compliant with various regulations," said Jeremy Huval, Chief Innovation Officer at HITRUST.
"The HITRUST Assurance Program is rigorous and reliable because of the comprehensiveness of control requirements, depth of review, and consistency of oversight," said Bimal Sheth, Executive Vice President, Standards Development & Assurance Operations at HITRUST.
See also: What's the difference between HIPAA & HITRUST?
By the numbers:
The bottom line: While an official HIPAA compliant certification does not exist, HITRUST is widely recognized as the closest thing to it.
See also: HITRUST is more rigorous than SOC 2
Dean Levitt
