Truveta achieves HITRUST r2 Certification, demonstrating the highest level of information protection assurance
BELLEVUE, Wash., Nov. 20, 2024 (GLOBE NEWSWIRE) -- Truveta announced that its platform Truveta Studio and Truveta Data have earned certified status by HITRUST for information security. This achievement places Truveta in an elite group of organizations worldwide that have earned this certification.
HITRUST r2 Certification demonstrates that Truveta Data and Truveta Studio have met demanding regulatory compliance and industry-defined requirements and Truveta is appropriately managing risk. By including federal and state regulations, standards, and frameworks and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. The HITRUST certification also includes certification against the NIST Cybersecurity Framework (CSF) v1.1. NIST CSF is a voluntary framework designed to help organizations manage and reduce cybersecurity risks.
Truveta offers the most complete, timely, and clean regulatory-grade electronic health record (EHR) data from more than 120 million patients across 30 US health systems, empowering researchers to study all diseases, drugs, and devices. Truveta Data is updated daily for the most current view of patient care, representative of inpatient and outpatient care from over 900 hospitals and 20,000 clinics. By providing a complete view of the patient journey, including clinical notes and medical images, Truveta enables researchers to accelerate therapy approval and adoption, and enhance patient care.
Aligned with guidance published by the FDA, Truveta has invested deeply in establishing rigorous and demonstrable standards of data quality and provenance, workflow support for regulatory submissions, and audit-ready processes, procedures, and controls to support life sciences organizations in meeting the most stringent requirements of major regulatory bodies. HITRUST r2 Certification further supports Truveta’s commitment to data quality, security, and privacy.
“Truveta’s mission is Saving Lives with Data. Trust is at the very foundation of that mission, as no data is more personal than healthcare data,” said Oscar Papel, chief information security officer and vice president of engineering, Truveta. “To earn and maintain that trust, we have invested deeply in the most advanced security and privacy standards to manage and protect de-identified regulatory-grade patient data in Truveta. We are proud of these achievements as evidence of our relentless commitment to security and privacy.”
“HITRUST certification is globally recognized as validation that information security and privacy controls are effective and compliant with various regulations. HITRUST certification is considered the gold standard because of the comprehensiveness and applicability of the control requirements, depth of the assurance process, and level of oversight that ensures accuracy,” said Jeremy Huval, Chief Innovation Officer at HITRUST.
“Truveta manages one of the most extensive and complex health data sets in the world. To ensure the appropriate protection, Truveta partnered with RISCPoint to develop an advanced information security program, aligned with the rigorous standards of the HITRUST CSF,” said Jake Nix, CEO, RISCPoint. “This effort, which took over a year, involved an in-depth review of personnel, processes, and systems. As a result, Truveta formalized over 600 unique security controls aligned with leading practices, which were validated by Schellman and Company, LLC, a leading external assessor. At RISCPoint, we appreciate working with forward-thinking organizations like Truveta that prioritize the security and privacy of their customers, patients, and the broader community.”
Truveta has also completed Type 2 System and Organization Controls (SOC) 2 examination and maintains an ISO 27001 certification, with the ISO 27701 and ISO 27018 extensions. Type 2 SOC 2 is a rigorous and comprehensive compliance standard developed and governed by the American Institute of CPAs (AICPA). The ISO 27001 and ISO 27018 are the standards for information technology security management systems and protection of personally identifiable information in public clouds, respectively. The ISO 27018 certificate compliments the former. The ISO 27701 certificate speaks to the company’s privacy controls and is also an extension of ISO 27001. Type 2 SOC 2 examination and ISO certification assessments have been completed by Schellman & Company, LLC, who was also the external assessor for the HITRUST r2 validated assessment.
To learn more about Truveta, visit Truveta.com.
About Truveta
Truveta is a collective of US health systems with a mission of Saving Lives with Data. Truveta delivers the most complete, clean, and timely regulatory-grade EHR data for scientifically rigorous research. Truveta is trusted by leading life science, public health, healthcare, and academic organizations to accelerate adoption of new therapies, improve clinical trials, and enhance patient care.
Truveta membership includes Providence, Advocate Health, Trinity Health, Tenet Healthcare, Northwell Health, AdventHealth, Baptist Health of Northeast Florida, Baylor Scott & White Health, Bon Secours Mercy Health, CommonSpirit Health, Hawaii Pacific Health, HealthPartners, Henry Ford Health, HonorHealth, Inova, Lehigh Valley Health Network, MedStar Health, Memorial Hermann Health System, MetroHealth, Novant Health, Ochsner Health, Premier Health, Saint Luke’s Health System, Sanford Health, Sentara Healthcare, Texas Health Resources, TriHealth, UnityPoint Health, Virtua Health, and WellSpan Health.
Attachments
- Truveta is a collective of US health systems with a mission of Saving Lives with Data.
- Truveta announced that its platform Truveta Studio and Truveta Data have earned certified status by HITRUST for information security.
Ellie Lampton Truveta 2064092912 ellief@truveta.com
© Copyright Globe Newswire, Inc. All rights reserved. The information contained in this news report may not be published, broadcast or otherwise distributed without the prior written authority of Globe Newswire, Inc.