Safeguarding our members’ trust: One Degree is now HIPAA-compliant

One Degree
One Degree
Published in
3 min readJan 27, 2015



Every week we get emails or calls from people who have turned to One Degree in a moment of crisis. A mom who needs to find a new home for her family and doesn’t know where to start. A formerly incarcerated individual who’s trying to get back on his feet and land a job.

Here at One Degree, we provide a vital link to the experts that so many people are missing. The first step is gaining our members’ trust to understand what they are going through.

During this process, many individuals share sensitive personal information so that we can direct them to the resources that best fit their needs. Some choose not to share a lot of information, and that’s OK too. One Degree is fully accessible without divulging anything. But for those who are looking for personalized guidance, and who open up about their personal life, we need to safeguard the trust they’ve placed in us.

That’s why we’re announcing that One Degree is now compliant with HIPAA, the federal law that governs how health information should be protected.

Added security & peace of mind

Although the type of work we do and the information we collect from our members does not currently fall under HIPAA’s requirements, we have taken this extra step to ensure that our members’ privacy is never compromised, even as we expand the scope of our work to include more health-specific programs and agencies. I won’t detail all of the requirements and safeguards here (there are thousands of pages of regulations!), but needless to say, they are rigorous. By complying with them, our standards now also meet this high bar.

Going the extra mile

In addition to meeting the law’s requirements, we have also gone a step further as an organization: All One Degree staff with access to personal member information undergo a criminal background check. We want to ensure that we are not putting our members in jeopardy when they reach out to us. We believe having this added transparency in our team enables us to better guard against inappropriate or unforeseen behavior.

While we have procedures and policies in place, they are only as good as the extent to which they are followed. That’s why we require that new and existing One Degree staff participate in annual privacy and security training. Our team learns how to properly handle sensitive personal information and how to work with members.

What HIPAA means for our members

We call the people who use One Degree our “members” — a term we use because we’re building a community, not just putting content on a website. Our first and foremost priority is to put our members at the heart of what we’re doing, and the steps I’ve outlined here help us to do that in a way that builds trust and mutual respect.

Most members and causal site visitors will not notice a big difference now that we’re HIPAA compliant. The majority of changes were made in the back end. The one change you may encounter as a member is being asked to re-enter your password more frequently when accessing your personal information. This keeps things safer for you and is a part of complying with the law.

Thanks to our supporters

Lastly, this would not be possible without the assistance of TrueVault, Accountable, Amazon Web Services, and Y Combinator. They partnered with us in different parts of the HIPAA process, and we are grateful for their support.

Please feel free to reach out to me at eric[at] if you have any questions or comments about what I’ve outlined above.

Eric Lukoff
Chief Technology Officer



One Degree
One Degree

Bringing life-changing social services within reach for the millions of low-income people seeking help every day