Data Protection and Security
Data security and privacy at symplr
At symplr, securing customer data is a core focus in our product development. We integrate robust security measures into all our SaaS solutions. Our policies, practices, and technologies are designed to safeguard your data across symplr products and services. We are committed to implementing best practices to mitigate potential threats, allowing you to focus on optimizing healthcare operations for your organization.
We pride ourselves on our commitment to data protection and information security, especially as cybersecurity is one of the top concerns for healthcare organizations. At symplr, we are pleased to demonstrate our value as a trusted partner, protecting customer organizations’ highly sensitive and personal data.
BJ Schaknowski
CEO, symplr
Transparency and data protection
Cyberattacks on healthcare organizations pose significant threats: they compromise systems, endanger patient safety, and disrupt operations. Consequently, there’s increased demand for robust data protection from technology providers.
At symplr, transparency is paramount. We are always clear about our policies, operational practices, and technologies to help ensure the security, compliance, and privacy of your data across symplr products and services.
Our commitment to you
Transparency
We understand that when you use our solutions and services, you’re entrusting us with one of your most valued assets—your data. We are committed to transparency regarding our policies, operational practices, and technologies, helping you understand our approach to data security and privacy.
Culture
symplr fosters a security-focused culture as evidenced by our Secure by Design Pledge. We strive to adopt and implement security best practices to support a more secure infrastructure for our customers.
Privacy
Our commitment to cybersecurity and privacy is demonstrated by leveraging best practices in technology and processes for data collection, processing, and management.
Secure by Design Pledge
symplr is proud to support the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge, underscoring our commitment to proactive cyber and information security. This initiative’s seven core goals aim to foster a preemptive and resilient cybersecurity environment. The pledge aligns with symplr’s dedication to adopting and advancing information security best practices and the symplr secure-by-default development processes.
SecurityScorecard "A" Rating
Because security is an ongoing journey, at symplr we continually invest in enhancing our cybersecurity and privacy posture. This commitment is reflected in symplr’s "A" rating from SecurityScorecard (as of June 6, 2024) across 10 risk factors: network security, DNS health, patching cadence, endpoint security, IP reputation, application security, cubit score, hacker chatter, social engineering, and information leak.
Accredited security and data protocols
symplr’s security and privacy strategy encompasses our software products, the guidelines and technology tools we deploy, and our internal processes. Our security measures are verified and accredited by the top industry certifications, as measured by leading independent third parties. We adhere to industry standards that are designed to protect data and security compliance.
Service Organization Control Type 2 (SOC 2) Compliance
Customer data is processed and handled properly following a well-known set of security and privacy standards. Currently, 29 symplr products are SOC 2 Type II compliant. symplr Talent Suite has additionally achieved SOC 1 Type II compliance.
HITRUST Certification
symplr Payer, symplr Contract, and symplr Clinical Communications have all achieved certified status from HITRUST by demonstrating compliance with a comprehensive set of regulatory and industry standards for information risk management and data protection.
Security Protection
Leveraging a multi-layered security approach, including advanced solutions and services, to help prevent and control unauthorized activities and cyber threats.
Continuous Application & Perimeter Testing
Continuously testing our applications and defensive mechanisms with real-world scenarios to identify potential vulnerabilities, strengthen our network, and enhance incident response plans.
HIPAA Security & Privacy
symplr products comply with HIPAA Security and Privacy regulations. Internal controls and training promote adherence to data and privacy compliance when data is manually shared or processed.
Internal Culture of Compliance
Executive support, continuous training, access controls, and a proactive posture on cybersecurity encourage our employees to be a strong defense against potential threats.
Saeed Valian
Chief Information Security Officer, symplr
Have an issue to report?
If you are a current customer looking to report an issue or event, please reach out to customer support.