Omada Health Achieves HITRUST CSF Certification
Leading Digital DPP Provider Meets Security, Privacy, and Compliance Requirements for Industry-Leading Certification
San Francisco, CA (August 14, 2017) – Omada Health, the leading provider of digital behavioral counseling for individuals at risk for type 2 diabetes and cardiovascular disease, today announced the company has earned Certified status for information security by HITRUST. With the HITRUST CSF Certification, Omada’s Orange and Kairos systems -- those that contain, process or assess PHI – have been recognized as meeting key healthcare regulations and requirements for protecting and securing sensitive private healthcare information. Specifically, HITRUST certifies that Omada systems comply with all U.S. HIPAA security regulations, as well as PCI, ISO 27001 and NIST security standards.
Omada’s VP of IT and Security William Dougherty led the effort for Omada’s systems to earn certification. “Ensuring our participants’ personal health information (PHI) stays private and secure is our top priority. HITRUST provides independent, third-party attestation that our investments in infrastructure and security lead the digital health industry,” said Dougherty. “The best-in-class certification from HITRUST validates that not only are our systems set up to protect PHI – but that our policies, processes, and technical controls do the same.”
“One of our core values is ‘participants first,’” added Omada CEO Sean Duffy. “That means keeping health data safe. Thanks to the work of Bill and his team, our participants, current customers, and potential partners can contract with Omada knowing that we meet all industry-leading standards for protecting individuals’ PHI.”
HITRUST CSF Certified status indicates that the Omada Program has met industry-defined requirements and is appropriately managing risk, and places Omada in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
“HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive health information is accessed or stored in a cloud environment,” said Ken Vander Wal, Chief Compliance Officer, HITRUST. “We are pleased that Omada Health has taken the steps necessary to achieve HITRUST CSF Certified status, and we expect their customers to have confidence in this designation.”