Skip to main content

Keeping your data secure

As a trusted benefits partner, Benefitfocus has implemented multiple levels of controls at the application, system and procedural levels to ensure the security and privacy of the personal data entrusted to us by our associates, customers and partners.

What we do

Security is our top priority

We protect your sensitive company and member data using strict security standards and privacy controls. Through continuous investments in processes, tools and technologies, our Security team ensures your platform is safe in every way.

Practices and policies

Our backup protocols have backup protocols

Embedded layers of controls ensure the protection of your applications, systems and data environments. We use security policies and practices that are backed up, integrated, and redundant.

Third-party audits

Inspiring consumer confidence

Benefitfocus consistently demonstrates an ability to provide services and information security that meets and exceeds client service levels and applicable regulatory requirements. Don’t take our word for it,  trust in our accredited third-party audits performed regularly to make sure that your data is protected.

SOC Reports

SOC 1 Type 2 and SOC 2 Type 2 controls are assessed annually, spanning our controls on security, availability, confidentiality, and privacy on multiple web properties, products, and services.

Learn more
PCI Compliance

Every year a Qualified Security Assessor (QSA) performs an independent assessment of compliance against the Payment Card Industry Data Security Standards, or PCI-DSS.

Learn more
HITRUST Certification

HITRUST assessments are completed every two years. An interim assessment is conducted one year from certification to ensure that there have been no material changes.

Learn more

We're certified

Maintaining valuable security certifications is a requirement

Our commitment to security excellence is best shown through our many certifications and accreditations, which extend beyond what you see here.


We've got a plan

Incident management and disaster recovery processes

Benefitfocus maintains, follows and exercises documented incident response policies consistent with NIST guidelines for computer incident handling and complies with data breach notification terms applicable to State and Federal laws and regulations. Benefitfocus monitors for and investigates potential unauthorized access, use and disclosure of data and is prepared to execute appropriate response plans upon incident discovery.

Every year, we perform an extensive evaluation of our business operation, security programs and supporting infrastructure. We use these results to directly inform our business continuity plans, which include roles, responsibilities, activation, response, recovery, reconstitution and ongoing validation of our environments.

Because our environments are fully redundant, our systems are highly available and protected from system events, such as hardware failures related to natural disasters. As part of our ongoing modernization efforts, planning is underway to expand our current on-prem data centers to include Amazon Web Services (AWS) public-cloud environment. Our expansion to AWS will deliver enhanced benefits – including faster delivery, reduced planned downtime, increased scalability and broader access to cutting-edge technologies. Most importantly, our customers will have the same security standards, privacy and compliance protection they expect today, with even greater capabilities inherent in AWS.


Better than the standard

Data security that meets HIPAA standards

As a Covered Entity and a Business Associate to many of our customers, Benefitfocus treats all Protected Health Information (PHI) with the utmost care. We have implemented technical, physical, and administrative safeguards recommended by industry regulators, as well as those required by applicable Health Insurance Portability and Accountability Act (HIPAA) legislation. To further meet HIPAA security requirements, Benefitfocus also takes every precaution to protect its network, hardware and software from viruses, malware, adware, attacks, and other forms of intrusion.

The latest news about Benefitfocus

What's happening with benefits now?

We’re changing the way people buy and access their benefits and the world is taking note! Read up on the latest about Benefitfocus in the articles below.

Report a security concern

If you've seen something that you'd like for the Benefitfocus security team to review, please let us know.