SAN FRANCISCO February 15, 2018
Building on a HITRUST Certification attained last year, Omada Health today announced that the company completed its SOC2 Type 1 Audit, becoming the first digital provider of intensive behavioral counseling to exceed both of these standards, delivering the highest level of data security for partners, customers, and participants. The SOC2 Type 1 Independent Service Auditor's Report focuses on five controls relevant to data security, availability, processing integrity, confidentiality and privacy. Companies completing the audit have the option to be judged on one or more of the five categories; Omada met or exceeded the industry-leading standard in all five.
“All of Omada's services, from verifying the clinical eligibility of our applicants to utilizing billions of data points to drive a truly personalized experience for participants, depend on a foundation of safe, secure, and private storage and transfer of information,” said VP of Information Technology and Security, William Dougherty. “Trust and security are table stakes in healthcare, and Omada has invested in both because our partners and our participants deserve to have confidence in our platform.”
“Omada operates as a HIPAA-covered entity, and for our team to continue to build the trust necessary with our partners and our participants, the work of Bill and his team — and the validation provided by this audit — are critical,” added Omada co-founder and CEO Sean Duffy.
Omada acts as both a health covered entity and as a business associate under the Health Insurance Portability and Accountability Act (HIPAA). SOC 2 examinations may only be performed by a licensed CPA firm. Schellman & Company, LLC (“Schellman”) performed as the service auditor for Omada.
The SOC 2 (Service Organization Control for Service Organizations) evaluates applicants in five categories within the Trust Services Criteria of the American Institute of Certified Public Accountants:
- Security – Verifying the system is protected against unauthorized access, use, or modification to meet the entity's commitments and system requirements.
- Availability – Verifying the system is available for operation and use to meet the entity's commitments and system requirements.
- Processing Integrity – Verifying the system processing is complete, valid, accurate, timely, and authorized to meet the entity's commitments and system requirements.
- Confidentiality – Verifying that information designated as confidential is protected to meet the entity's commitments and system requirements.
- Privacy – Verifying personal information is collected, used, retained, disclosed, and disposed to meet the entity's commitments and system requirements.
“It is always exciting to work with leading edge technology providers, but it is even more meaningful when the company's mission is to improve individual's health and quality of life,” said Douglas Barbin, principal and CyberSecurity leader at Schellman. “While any successful SOC 2 report is an achievement, the alignment of Omada's security and privacy control activities with all five Trust Services categories is considered exceptional.”
About Omada Health
Omada Health is a digital behavioral medicine company that inspires and enables people to change the habits that put them most at risk for chronic conditions such as heart disease and type 2 diabetes. The company is the largest CDC-recognized provider of the National Diabetes Prevention Program, and since its founding. Omada's program combines proven behavioral science, the power of professional health coaches and peer groups, connected technology, and world-class design to deliver clinically-meaningful results. The company operates on a pay-for-outcomes pricing model that aligns incentives between Omada, customers, and participants. Omada Health was named a 2016 Technology Pioneer by the World Economic Forum, and one of Fast Company's Most Innovative 2017. To learn more, visit http://www.omadahealth.com.
For more information, contact: