Security is more than a process. It’s our foundation.

Keeping your data safe and sound comes first in everything we do.

Omada is the only company of its kind with both HITRUST and SOC 2 certifications.

HITRUST-logo-grey SOC2_grey

We're data defenders

Data allows us to engage new audiences, empower health coaches, and deliver the very best outcomes for our participants. With our rigorous security features and policies, partners and participants can rest easy knowing their information is always protected.
Partners@2x.png
For partners
While we’re a HIPAA covered entity in delivering the Omada program to our participants, we’re also the business associate of our customers—using data that you provide to check eligibility and conduct enrollment outreach activities. You’ll retain ownership of all data that you share with us, and we’ll protect it in accordance with our customer agreement and BAA.
Partners@2x.png
For participants
To individuals enrolled in our program, Omada delivers the Omada program as a health care provider and covered entity (like your doctor). We make absolutely certain that we safeguard your protected health information (PHI) according to the requirements of HIPAA and industry best practices.

“Omada is an organization people can count on to keep their information safe.”

Ken Vander Wal, Chief Compliance Officer

CISA, CPA

Health Information Trust Alliance

“While any successful SOC 2 report is an achievement, the alignment of Omada’s security and privacy control activities with all five Trust Services categories is considered exceptional.”

Douglas W. Barbin, Principal

CPA, CISSP, PCI QSA

Schellman

Secure. Reliable. Validated.

Omada is trusted by the country’s largest employers and health plans because of our industry-leading security standards.

Partners@2x.png
Hosting

Our infrastructure runs on Amazon Web Services, ensuring the highest benchmarks in host and network encryption, patch management, physical security, and network security. All data is stored within the U.S.

Partners@2x.png
Continuity

Our targeted uptime is 99.9% excluding maintenance. Want to see for yourself? Check out this week’s performance status.

Partners@2x.png
External Assessments
We enlist independent security firms to conduct annual third-party penetration tests on an annual basis that assess our site for vulnerabilities.
OUR TEAM
WilliamDougherty.png

“Trust and security are table stakes in digital healthcare. With our third-party certifications, we’re proud to be leading the way once again.”

– William Dougherty, Security Officer

MSIT, CISSP, CISM, CCSP

Lucia Savage

“Befitting a leading-edge digital health company where participants use secure messaging multiple times a day to engage with their health coaches, Omada has built a first-class security infrastructure.”

- Lucia Savage, Privacy Officer

JD

WilliamDougherty.png

“The effectiveness of our compliance program provides assurance to our partners and participants that their data is safe with us.”

- Patrick Curry, Compliance Officer

PhD, CIPP/US

WilliamDougherty.png

“We take our obligations to protect all data on our platform very seriously at Omada, regardless of the source. These third-party certifications validate the robust data security program that we’ve implemented to protect our customers and our participants.”

- Justin Ferber, General Counsel

JD

WilliamDougherty.png

“Omada Health has inspired a guiding principle of putting the needs of participants first, which includes the security of their data. The security culture is carried throughout the workforce by empowering teams to hustle smart.”

- Greg Sonier, Senior Manager Information Security

CISSP
Omada Health’s App r oach to Securi t y

Curious to learn more?

Download our security whitepaper to get all the details.