In the pharmacy business, trust is everything. Your patients trust you with their health, and you trust your partners with something equally sensitive: your data.
As pharmacy owners, we live in a world of strict regulations. We worry about HIPAA, we worry about PBM audits, and we worry about the ever-growing threat of cyberattacks. When you hand over your billing and patient files to a partner, you aren’t just handing over paperwork; you are handing over the keys to your business’s reputation.
That is why I am incredibly proud to announce that RxBB has officially achieved SOC 2 Type 1 certification.
This isn’t just a badge we put on our website. It is a verified, third-party confirmation that the systems, controls, and processes we use to handle your data meet the highest gold standard of security in the industry.
Here is what this milestone means for us, and more importantly, what it means for you and your pharmacy.
What Is SOC 2 (And Why Should You Care?)
You’ve heard of HIPAA. But in the world of technology and service providers, SOC 2 compliance (Service Organization Control 2) is the benchmark for trust.
Developed by the American Institute of CPAs (AICPA), a SOC 2 report is an audit that evaluates a company’s ability to securely manage data to protect the interests of its clients.
Unlike HIPAA, which is a set of regulations we self-attest to, a SOC 2 certification requires an independent, third-party auditor to come in, tear apart our systems, and verify that we are actually doing what we say we are doing.
The SOC 2 audit evaluates us on five “Trust Services Criteria”:
- Security: Is the system protected against unauthorized access?
- Availability: Is the system available for operation and use?
- Processing Integrity: Is system processing valid, complete, and accurate?
- Confidentiality: Is information designated as confidential protected?
- Privacy: Is personal information collected and used in conformity with privacy principles?
For a pharmacy owner, this answers the question: “Is my patients’ PHI (Protected Health Information) safe with RxBB?” The answer, verified by an independent auditor, is yes.
The Difference Between Type 1 and Type 2
You might see terms like SOC 2 Type 2 or SOC 1 report thrown around. It’s important to understand the difference so you know exactly what we achieved.
- SOC 1 Report: This focuses primarily on financial reporting controls. While important, it doesn’t cover the deep security and privacy concerns that healthcare providers worry about.
- SOC 2 Type 1 (Our Achievement): This audit looks at our systems at a specific point in time. It verifies that our security design is sound and that our controls are suitably designed to meet the rigorous trust criteria.
- SOC 2 Type 2: This looks at those same controls over a period of time (usually 6-12 months) to ensure they are working consistently.
Achieving SOC 2 Type 1 is the critical first step. It proves that the fortress is built correctly. As we continue to grow, we are already moving toward Type 2 to demonstrate that our fortress stays strong every single day.
Why This Matters for Your Pharmacy
Why did we invest months of work and significant resources to become SOC compliant? Because the “old way” of pharmacy billing isn’t safe enough anymore.
1. Risk Mitigation in a Digital World
Ransomware attacks on healthcare companies are up 94%. If your billing partner gets hacked, your patients’ data is exposed. By partnering with a SOC 2 certified company, you are drastically lowering your third-party risk. We have the firewalls, the encryption, and the access controls that most small businesses can’t implement on their own.
2. Sleeping Better at Night
You have enough to worry about with staffing, inventory, and reimbursement. You shouldn’t have to worry about whether your billing company has weak passwords or unsecured servers. Our SOC 2 report is your peace of mind. It’s proof that we treat your data with the same level of security that a bank would.
3. A Partner That Scales With You
As you grow—adding more locations, more patient lives, and more complex services like MTM and POCT—your data footprint grows. You need a partner whose security infrastructure is built to scale with you, not a “mom and pop” biller keeping records on an unsecured laptop.
Our Commitment to You
RxBB was founded by pharmacists. We know that behind every claim number is a real patient and a real pharmacy owner’s livelihood.
Achieving SOC 2 Type 1 certification was a rigorous process. It forced us to examine every workflow, every software tool, and every security protocol we have.
We did it because we believe that being your partner means more than just increasing your revenue. It means protecting your business.
Thank you for trusting us with your journey.

