Security built for the most sensitive records in care.
SoberLab protects resident health information and substance use disorder records with enterprise-grade security, HIPAA compliance, and 42 CFR Part 2 protections — so your team can focus on recovery, not risk.
How we protect your data
Layered controls across compliance, access, encryption, and monitoring — each one independently audited.
HIPAA & Part 2 compliant
Resident health information and substance use disorder records are handled under HIPAA and 42 CFR Part 2, with a signed BAA and QSOA on file.
Role-based access
Granular, administrator-defined permissions ensure each staff member sees only the records their role requires — down to the field level.
Encryption everywhere
Industry-standard TLS protects data in transit and AES-256 at rest, with keys managed in a dedicated, access-controlled key service.
Immutable audit trails
Every access, edit, and disclosure is logged to a tamper-evident trail, giving you a complete record for investigations and audits.
Network segmentation
Part 2 records live behind a separate segmentation boundary, isolating the most sensitive data from the rest of the platform.
Backup & recovery
Encrypted, geographically redundant backups with tested recovery procedures keep your operations resilient against data loss.
Purpose-built for 42 CFR Part 2
Substance use disorder records carry protections beyond HIPAA. SoberLab keeps Part 2 records behind a dedicated segmentation boundary, with consent tracking and redisclosure controls woven into every workflow.
Consent, not just access
Every disclosure of a protected record is bound to a documented consent and logged in an immutable audit trail — so you can prove the chain of custody, not just assert it.
Certifications & commitments
Request a BAA or our security packet
We sign a Business Associate Agreement with every customer and the 42 CFR Part 2 QSOA where applicable. Email security@soberlab.io for our SOC 2 report, BAA, and subprocessor list.