TMCnet News
Luma Health Elevates its Security Practices with ISO/IEC 27001:2022 Certification

Luma demonstrates strong commitment to information security by adding ISO/IEC 27001:2022 to its existing HITRUST r2 and SOC 2 Type II certifications — surpassing the HIPAA requirements to safeguard data, demonstrate compliance, and foster trust

SAN FRANCISCO, March 27, 2024 /PRNewswire/ -- Luma Health, innovator of the market-leading Patient Success Platform™, confirmed today it has attained one of the most stringent security standards for information security management systems: ISO/IEC 27001:2022. The certification highlights Luma's commitment to security and its completion of a suite of security certifications, which includes ISO/IEC 27001:2022, SOC 2 Type II, and HITRUST CSF r2.

The ISO (International Organization for Standardization) is an independent, non-governmental international organization, and ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It provides companies of any size and across all sectors with rigorous guidance for establishing, implementing, maintaining, and continually improving an information security management system. Conformity with the latest version of the standard, ISO/IEC 27001:2022 (updated in 2022), as verified by an independent third-party assessor, is especially important for IT service providers in the healthcare sector.

Today's announcement demonstrates that Luma has implemented a rigorous approach to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this international standard. Further, it underscores that Luma Health conforms with the HIPAA Privacy Rule and HIPAA Security Rule in five ways:
"Ensuring the highest level of data security is paramount at Luma Health, where enabling our customers to deliver patient-centric care is our core mission. Achieving ISO 27001:2022 certification is a testament to our unwavering commitment to information security," said Nick Lees, director of information security and compliance at Luma Health. "It's not just about compliance; it's about upholding the trust our customers and their patients place in us to manage health information with the utmost integrity and protection. This certification, above all, stands as a beacon of our dedication to excellence in security within the healthcare technology sector."

In addition to achieving ISO/IEC 27001:2022 certification, Luma Health is also HITRUST® Common Security Framework r2 certified and SOC 2 Type 2 attested. The company's information security and compliance function comprises a dedicated in-house team and a fully documented set of policies, procedures and controls that are independently audited no less than annually by a third party to ensure they are operating effectively.

About Luma Health

Headquartered in San Francisco, Luma serves more than 600 health systems, integrated delivery networks, federally qualified health centers, specialty networks, and clinics across the United States, and today orchestrates the care journeys of more than 50 million patients. For additional information, visit lumahealth.io.

Media contact:

View original content to download multimedia: https://www.prnewswire.com/news-releases/luma-health-elevates-its-security-practices-with-isoiec-270012022-certification-302100471.html

SOURCE Luma Health Inc.