Omada Health Completes SOC 2 Type II Audit
Digital Health Pioneer Continues to Elevate Privacy and Security Standards
San Francisco, CA (August 29, 2018) -- Building on the SOC 2 Type I Audit completed earlier this year, Omada Health today announced the completion of its Service Organization Control for Service Organizations (SOC 2) Type II Audit, becoming the first company of its kind to achieve both levels of external validation of IT, security, and privacy practices. Last year, Omada Health achieved the HITRUST Certification, further solidifying their commitment to complying with all U.S. HIPAA security regulations.
The audit was conducted by Schellman & Company, LLC (“Schellman”), a leading provider of attestation and compliance services. Omada’s SOC 2 Type 1 Audit, completed in November, attested that Omada had suitably designed and implemented controls across five key areas: data security, availability, processing, integrity, confidentiality and privacy. Companies completing the audit have the option to be judged on one or more of the five categories, and Omada met or exceeded the industry-leading standard in all five.
The SOC 2 Type II Audit affirmed the effectiveness of Omada’s controls across all five categories. The company’s compliance will be evaluated every year moving forward. The controls were examined using a rigorous process throughout the six-month period between February and August.
Omada’s VP of Information Technology and Security William Dougherty, whose team led the development of processes and systems tested in the audit, put the accomplishment in context. “We embraced the challenge of designing and updating systems and processes to meet the highest standards of accountability,” he said. “We chose to be evaluated across all five categories, and our completion of the audit is a testament to how seriously we take our commitments to our participants, our partners, and our customers.”
“Trust and security are essential in digital health - and it’s on us to establish that trust,” added Omada Chief Privacy and Regulatory Officer Lucia Savage, JD. “Operating as a HIPAA-covered entity within the industry means we must continue to push forward industry standards. The work of our IT and Security Team, validated by Schellman demonstrates exactly that.”
The SOC 2 Audit evaluates applicants in five categories within the Trust Services Criteria of the American Institute of Certified Public Accountants:
- Security - Verifying the system is protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements.
- Availability - Verifying the system is available for operation and use to meet the entity’s commitments and system requirements.
- Processing Integrity - Verifying the system processing is complete, valid, accurate, timely, and authorized to meet the entity’s commitments and system requirements.
- Confidentiality - Verifying that information designated as confidential is protected to meet the entity’s commitments and system requirements.
- Privacy - Verifying personal information is collected, used, retained, disclosed, and disposed to meet the entity’s commitments and system requirements.
“Transparency and security has never been more important in the digital health space,” said Douglas Barbin, principal and cybersecurity leader at Schellman. “The completion of a type 2 examination is no small achievement. While the previous type 1 audit examined controls at that point in time, this assessment required Omada to maintain and operate its controls consistently for the entire period under review.”
About Omada Health
Omada Health is a digital behavioral medicine company that inspires and enables people to change the habits that put them most at risk for chronic conditions such as heart disease and type 2 diabetes. The company is the largest CDC-recognized provider of the National Diabetes Prevention Program, and since its founding. Omada’s program combines proven behavioral science, the power of professional health coaches and peer groups, connected technology, and world-class design to deliver clinically-meaningful results. The company operates on a pay-for-outcomes pricing model that aligns incentives between Omada, customers, and participants. Omada Health was named a 2016 Technology Pioneer by the World Economic Forum, and one of Fast Company’s Most Innovative 2017. To learn more, visit www.omadahealth.com.
For more information, contact: