Information Security
Security and Privacy Overview

As a leading provider of data and analytics technologies and services, Health Catalyst has an unwavering commitment to deliver the highest level of information security and data privacy to its clients.

With safeguards that meet rigorous privacy certification standards, clients can rest assured that the confidentiality, integrity, and availability of their nonpublic information are protected.

Protecting Our Greatest Asset

The confidentiality, integrity, and availability of our customers’ data is the focus of our security program.
Frameworks

HIPAA
Health Catalyst adheres to the regulatory framework of the Health Insurance Portability and Accountability Act (HIPAA), with adequate measures for storing, accessing, and sharing individual medical and personal information.
NIST
Our cybersecurity approach builds its foundation on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), a cybersecurity framework focused on preventing, detecting, and managing security threats and risks.
CIS
Center for Internet Security: Health Catalyst operational standards are based upon CIS baselines and benchmarks, which provide global standards for cybersecurity.
Current Third-Party Audits and Certifications

SOC 2 audited
The Health Catalyst SOC 2 Type II report is an independent assessment of our control environment performed by a third party. The SOC 2 report is based on the AICPA’s Trust Services Criteria and is issued annually in accordance with the AICPA’s AT Section 101 (Attest Engagements). The report covers the 12-month period of June 1 through May 31 and details the design and operating effectiveness of controls relevant to any system containing customer data as part of the Health Catalyst Cloud hosting solution. The Health Catalyst SOC 2 report addresses three of the five Trust Services Criteria (Security, Availability, and Confidentiality).
SOC 3 available
The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Control (SOC 3) framework for safeguarding the confidentiality and privacy of information that is stored and processed in the cloud. The Health Catalyst SOC 3 report, an independent assessment of our control environment performed by a third party, is publicly available and provides a summary of our control environment relevant to the security, availability, and confidentiality of customer data. Access the Workday SOC 3 report.
Title 21 CFR compliant
21 CFR Part 11 is the FDA’s regulation for electronic records and electronic signatures. This compliance audit assesses Health Catalyst’s compliance, as a business associate to our customers, with respect to electronic records in Health Catalyst’s data platform. Compliance with 21 CFR Part 11 ensures that data is maintained safely and securely so that it is not corrupted or lost; its central concern is data integrity.
HITRUST
HITRUST leverages nationally and internationally accepted standards, including ISO, NIST, PCI, and HIPAA, to ensure a comprehensive set of baseline security controls. Health Catalyst is actively pursuing HITRUST CSF certification and is on track to obtain certification by Q1 2021.
EHNAC
EHNAC Healthcare Network Accreditation is a national standard indicating that healthcare stakeholders, including electronic healthcare networks, financial services organizations, medical billers, third-party administrators, outsourcers, ePrescribing networks, Healthcare Information Service Providers (HISPs), Practice Management System vendors, and others, have met or exceeded EHNAC’s criteria. The criteria include conformance with federal healthcare reform legislation, including HIPAA, HITECH/ARRA, ACA, the Omnibus Rule, and other applicable state legislation. Further, the criteria encompass the areas of privacy, security, and confidentiality; technical performance; business practices; and resources. EHNAC accreditation is based on independent peer evaluation of an entity’s ability to perform at levels based on industry-established criteria. The accrediting process permits applicants to review their existing performance levels and to bring those levels into accordance with industry-established minimums, best practices, and applicable federal and state healthcare reform legislation.
Upcoming Certifications

ISO
ISO: A globally recognized, standards-based approach to security that outlines requirements for an organization’s Cybersecurity Management System. Health Catalyst is planning to pursue certification in its international certification strategy in 2021 or 2022.
Meet Our Security Experts

Kevin Scharnhorst, CISSP, CISM, CPHIMS
Chief Information Security Officer,
Health Catalyst
Stacey Jenkins, JD
Chief Compliance Officer,
Health Catalyst

“Health Catalyst has implemented best-practice data security and privacy standards to provide our clients with the highest information privacy, security, and compliance.”