The ISO (International Organization for Standardization) is an independent, non-governmental international organization, and ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It provides companies of any size and across all sectors with rigorous guidance for establishing, implementing, maintaining, and continually improving an information security management system.
Conformity with the latest version of the standard, ISO/IEC 27001:2022 (updated in 2022), verified by an independent third-party assessor, is especially important for IT service providers in the healthcare sector. Today's announcement demonstrates that Luma has implemented a rigorous approach to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this international standard.
Further, it underscores that Luma Health conforms with the HIPAA Privacy Rule and HIPAA Security Rule in five ways:
- Risk Management: ISO/IEC 27001 ensures robust risk assessment and mitigation. In healthcare, safeguarding patient data is paramount.
- Data Protection: Compliance with this standard ensures secure handling of sensitive health information, preventing breaches.
- Legal Compliance: Adhering to ISO/IEC 27001:2022 further bolsters Luma's compliance with HIPAA.
- Business Continuity: The standard prepares companies for unplanned IT incidents, ensuring uninterrupted services during crises.
- Customer Trust: Certification demonstrates commitment to security, fostering trust among Luma's more than 600 healthcare business customers.
"Ensuring the highest level of data security is paramount at Luma Health, where enabling our customers to deliver patient-centric care is our core mission. Achieving ISO 27001:2022 certification is a testament to our unwavering commitment to information security," said Nick Lees, director of information security and compliance at Luma Health. "It's not just about compliance; it's about upholding the trust our customers and their patients place in us to manage health information with the utmost integrity and protection. This certification, above all, stands as a beacon of our dedication to excellence in security within the healthcare technology sector."
In addition to achieving ISO/IEC 27001:2022 certification, Luma Health is also HITRUST® Common Security Framework r2 certified and SOC 2 Type 2 attested. The company's information security and compliance function comprises a dedicated in-house team and a fully documented set of policies, procedures and controls that are independently audited no less than annually by a third party to ensure they are operating effectively.
About Luma Health
Luma was founded on the idea that healthcare should work better for all patients. Instead of a disconnected experience, where patients are forced to be their own healthcare advocates and provider teams struggle to reach their patients, every point along the care journey should be simple, seamless, and effective. Luma's Patient Success Platform™ empowers patients and providers to be successful by connecting and orchestrating all the steps in the patient journey, along with all the operational workflows and processes in the healthcare ecosystem.
Headquartered in San Francisco, Luma serves more than 600 health systems, integrated delivery networks, federally qualified health centers, specialty networks, and clinics across the United States, and today orchestrates the care journeys of more than 50 million patients. For additional information, visit lumahealth.io.
Media contact:
Tim Cox | ZingPR
[email protected]
SOURCE Luma Health