COVID-19 Healthcare Startup Curative Achieves SOC 2 Security Control Compliance

A next-generation healthcare delivery company, Curative received its Service Organization Control (SOC) 2 Type 2 compliance certification, which verifies Curative adheres to providing the highest security and confidentiality levels to its patients and partners. As a company that at the height of the pandemic handled 10% of the U.S. COVID-19 daily testing and currently operates sites conducting 100,000 vaccinations* per week, the privacy and safety of patient data is core to Curative's work and internal processes. 

Curative proactively applied for SOC 2 Type 2 certification, which validates the company's stringent security controls and provides peace of mind to partners and patients alike. The independent audit of Curative's drive-thru COVID testing and vaccination clinic system was conducted November 1, 2020 through January 31, 2021, by Armanino, LLP, one of the top 25 largest independent accounting and business management consulting firms in the United States. The audit tested all Trust Service Criteria relevant to security, availability, and confidentiality. In addition, Curative's SOC 2 controls were mapped to HIPAA-HITECH, HITRUST, and NIST 800-53 controls in the additional subject matter section. 

"Patient privacy and protecting patients' data are core values at Curative. Current and future partners can rest assured that Curative values and protects the security, safety and confidentiality of the data collected from our patients," said Isaac Turner, Co-founder and Chief Technology Officer, Curative. "This independent audit demonstrates that Curative's controls relevant to security, availability, and confidentiality are reliable and trustworthy."

Implementing the SOC 2 framework operationalized Curative's security controls and provided the roadmap for maintaining the security of Curative's patient data. The certification reinforces, verifies and ensures Curative service compliance and confirms that all system requirements were achieved based on the trust services criteria relevant to the leading security standards set forth by the American Institute of CPAs (AICPA).

SOC 2 is a compliance assessment developed by the AICPA. Its purpose is to ensure that businesses handle data appropriately and securely, a non-negotiable for modern brands. Curative is committed to taking care of all data security, data confidentiality and system availability requirements. It has put the practices and processes in place to meet all critical trust services criteria, and importantly, holds its partners to the same SOC 2 standards.

As Curative moves forward in the year ahead and beyond, the company will continue to expand to provide more public health services and safely handle patients' data. For more information on services offered, please visit curative.com. 

About Curative

Curative is a leader in on-demand public health service programs and healthcare delivery infrastructure. From rapid, mass COVID-19 testing sites to mobile vaccination sites, Curative partners with communities to strengthen public health services with turn-key programs, easy-to-access experiences, and scalable infrastructure, keeping people everywhere safe, healthy, and informed. Co-founded by CEO Fred Turner and powered by a team of world-leading doctors, scientists, engineers, and health industry experts, Curative began focusing on COVID-19 testing in early March 2020 upon realizing the urgent need to scale COVID-19 test production in the United States. With a network of over 15,000 sites across over 20 states and three CLIA-certified, high-complexity laboratories, Curative and its managed medical entities have provided over 22 million COVID-19 tests and over 2 million COVID-19 vaccines. Beyond COVID-19, Curative is using its unique healthcare delivery network to bring access to the highest quality healthcare services to every American.