We are excited to share that our platform Truveta Studio and Truveta Data have earned certified status by HITRUST for information security. This achievement places Truveta in an elite group of organizations worldwide that have earned this certification.
HITRUST r2 Certification demonstrates that Truveta Data and Truveta Studio have met demanding regulatory compliance and industry-defined requirements and Truveta is appropriately managing risk. By including federal and state regulations, standards, and frameworks and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. The HITRUST certification also includes certification against the NIST Cybersecurity Framework (CSF) v1.1. NIST CSF is a voluntary framework designed to help organizations manage and reduce cybersecurity risks.
Truveta offers the most complete, timely, and clean regulatory-grade electronic health record (EHR) data from more than 120 million patients across 30 US health systems, empowering researchers to study all diseases, drugs, and devices. Truveta Data is updated daily for the most current view of patient care, representative of inpatient and outpatient care from over 900 hospitals and 20,000 clinics. By providing a complete view of the patient journey, including clinical notes and medical images, Truveta enables researchers to accelerate therapy approval and adoption, and enhance patient care.
Aligned with guidance published by the FDA, Truveta has invested deeply in establishing rigorous and demonstrable standards of data quality and provenance, workflow support for regulatory submissions, and audit-ready processes, procedures, and controls to support life sciences organizations in meeting the most stringent requirements of major regulatory bodies. HITRUST r2 Certification further supports Truveta’s commitment to data quality, security, and privacy.
Truveta has also completed a Type 2 System and Organization Controls (SOC) 2 examination and maintains an ISO 27001 certification, with the ISO 27701 and ISO 27018 extensions.
Type 2 SOC 2 is a rigorous and comprehensive compliance standard developed and governed by the American Institute of CPAs (AICPA).
ISO 27001 and ISO 27018 are the standards for information technology security management systems and protection of personally identifiable information in public clouds, respectively. The ISO 27018 certificate complements the former. The ISO 27701 certificate speaks to the company’s privacy controls and is also an extension of ISO 27001.
The Type 2 SOC 2 examination and ISO certification assessments have been completed by Schellman & Company, LLC, which was also the external assessor for the HITRUST r2 validated assessment.