Artera, a SaaS digital health leader in patient communications, has achieved Service Organization Control (SOC) 2 Type 2 compliance for the following Trust Services Criteria: Security, Availability and Privacy. The rigorous audit, issued by the American Institute of CPAs (AICPA), is designed to ensure cloud-based service providers store and process client data in a secure manner. The attainment of this voluntary third-party compliance report underscores Artera’s dedication to delivering the highest level of data security and privacy for its 700+ healthcare providers and federal agency customers.
Data security is top of mind for healthcare providers today. Data attacks are some of the most compromising experiences medical organizations can face because they not only put confidential patient information at risk but require extensive time to recover and cost an average of $11 million1. And in today’s highly connected and digitized healthcare ecosystem, implementing proper data protection measures is critical not just for healthcare providers, but also for their vendor partners.
“We operate in a highly regulated industry, caring for some of the most sensitive data. We take the security and privacy of it very seriously,” said Justin Widlund, General Counsel, Artera. “At Artera, we don’t just aim to meet the industry’s standard for security and privacy – we go above and beyond to exceed that standard – and earning this certification with a perfect score is a testament to that.”
As the company’s sixth third-party assessment, this report adds to a growing list of certifications and compliance reports showcasing Artera’s continuous commitment to information security and privacy. In addition to SOC 2 Type 2, Artera is certified with:
- HITRUST: As the gold standard for organizations in healthcare, Artera has been HITRUST-certified since 2019. The HITRUST CSF is a rigorous set of controls that covers, among other sources, all the requirements of HIPAA.
- ISO 27001: Used by more than 60,000 companies worldwide, establishes requirements for forming, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This standard serves as the foundation upon which the other ISO 27000 standards are built.
- ISO 27017: Extends supplementary requirements for the implementation of information security controls for cloud services.
- ISO 27701: Establishes requirements for the formation, implementation, maintenance and continuous improvement of a Privacy Information Management System (PIMS) to protect the privacy and processing of personal data. Artera has been certified against the ISO 27701 standard as a data processor.
- ISO 27018: Provides further requirements beyond ISO 27701 for the protection of personally identifiable information (PII) within cloud environments.
As the leader in patient communications, Artera has been championing data security and compliance for more than eight years. While continuing to innovate and deliver improvements to patient communications, data protection and safety remain at the forefront, holding the team to the highest standards for safeguarding healthcare organizations and the patients they serve.