Luma Health Elevates its Security Practices with ISO/IEC 27001:2022 Certification

March 27, 2024 San Francisco, CA

Luma demonstrates strong commitment to information security by adding ISO/IEC 27001:2022 to its existing HITRUST r2 and SOC 2 Type II certifications — surpassing the HIPAA requirements to safeguard data, demonstrate compliance, and foster trust

Luma Health, innovator of the market-leading Patient Success Platform™, confirmed today it has attained one of the most stringent security standards for information security management systems: ISO/IEC 27001:2022. The certification highlights Luma’s commitment to security and its completion of a suite of security certifications, which includes ISO/IEC 27001:2022, SOC 2 Type II, and HITRUST CSF r2.

The ISO (International Organization for Standardization) is an independent, non-governmental international organization, and ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS). It provides companies of any size and across all sectors with rigorous guidance for establishing, implementing, maintaining, and continually improving an information security management system.

Conformity and verification by an independent third-party assessor with the latest form of ISO/IEC 27001:2022, it was updated in 2022, is especially important for IT service providers in the healthcare sector. Today’s announcement demonstrates that Luma has implemented a rigorous approach to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this international standard.

Further, it underscores that Luma Health conforms with the HIPAA Privacy Rule and HIPAA Security Rule in five ways:

  1. Risk Management: ISO/IEC 27001 ensures robust risk assessment and mitigation. In healthcare, safeguarding patient data is paramount.
  2. Data Protection: Compliance with this standard ensures secure handling of sensitive health information, preventing breaches.
  3. Legal Compliance: Adhering to ISO/IEC 27001:2022 further bolsters Luma’s compliance with HIPAA.
  4. Business Continuity: The standard prepares companies for unplanned IT incidents, ensuring uninterrupted services during crises.
  5. Customer Trust: Certification demonstrates commitment to security, fostering trust among Luma’s more than 600 healthcare business customers.

“Ensuring the highest level of data security is paramount at Luma Health, where enabling our customers to deliver patient-centric care is our core mission. Achieving ISO 27001:2022 certification is a testament to our unwavering commitment to information security,” said Nick Lees, director of information security and compliance at Luma Health. “It’s not just about compliance; it’s about upholding the trust our customers and their patients place in us to manage health information with the utmost integrity and protection. This certification, above all, stands as a beacon of our dedication to excellence in security within the healthcare technology sector.”

In addition to achieving ISO/IEC 27001:2022 certification, Luma Health is also HITRUST® Common Security Framework r2 certified and SOC 2 Type 2 attested. The company’s information security and compliance function comprises a dedicated in-house team and a fully documented set of policies, procedures and controls that are independently audited no less than annually by a third party to ensure they are operating effectively.

About Luma Health
Luma was founded on the idea that healthcare should work better for all patients. Instead of a disconnected experience, where patients are forced to be their own healthcare advocates and provider teams struggle to reach their patients, every point along the care journey should be simple, seamless, and effective. Luma’s Patient Success Platform™ empowers patients and providers to be successful by connecting and orchestrating all the steps in the patient journey, along with all the operational workflows and processes in the healthcare ecosystem.

Headquartered in San Francisco, Luma serves more than 600 health systems, integrated delivery networks, federally qualified health centers, specialty networks, and clinics across the United States, and today orchestrates the care journeys of more than 50 million patients. For additional information, visit lumahealth.io.

TIM COX | on behalf of Luma Health | tim@zingpr.com

Related Readings and Events

Explore Recent Announcements