Compliance

Regulatory compliance and certifications.

Compliance posture

How Runbook.health approaches regulatory alignment and continuous assurance.

Compliance work is treated as an ongoing operating discipline, supported by controls, standards mapping, and regular third-party review to maintain a strong trust posture.

Focus 01

Core certifications and frameworks shape the compliance program.

Focus 02

Healthcare, privacy, and quality requirements remain part of the operating model.

Focus 03

Regular audits and assessments help validate and strengthen the posture.

Certifications and standards

Runbook.health aligns its program with major security, privacy, and quality standards relevant to healthcare and software operations.

HIPAA: Health Insurance Portability and Accountability Act compliance
SOC 2 Type II: Security, availability, and confidentiality controls
ISO 27001: Information security management system standard
GDPR: General Data Protection Regulation compliance
State privacy laws: Compliance with CCPA, CPRA, and other state regulations

Regulatory compliance

The compliance program accounts for healthcare provider requirements, software quality expectations, privacy law obligations, and accreditation-related controls.

Healthcare provider standards
Medical device software standards such as IEC 62304
Quality management systems such as ISO 13485
Privacy and data protection laws
Industry-specific accreditation requirements

Audit and assessment

Third-party audits and security assessments are used to validate the compliance posture, identify improvement opportunities, and support ongoing assurance.

Need compliance documentation?

For compliance questions, audit-report requests, or trust-center follow-up, contact compliance@runbook.health.
