Security
TPA Stream handles sensitive benefits and claims data for TPAs and their employer clients, and we treat protecting it as core to our business.
TPA Stream maintains a SOC 2 Type II report and operates as a HIPAA business associate.
We encrypt data both in transit and at rest, restrict access to authorized personnel on a least-privilege basis with multi-factor authentication, and monitor our production environment. Our practices are reviewed regularly and examined as part of our annual SOC 2 audit.
For security questions, to report a vulnerability, or to request our SOC 2 report or list of sub-processors, contact security@tpastream.com. We review all good-faith reports and will not pursue action against researchers acting in good faith.