The Importance of End-to-End SOC 2® Compliance

By Russ Smith

Healthcare providers are increasingly adopting SaaS (software-as-a-service) models because they free up capital, require less up-front spending, and shift routine “break-fix” work from the providers’ IT teams to the software vendor. When it comes to healthcare, HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is at the top of the jargon list, typically linked to words like “compliant” or “certified.” However, there is no such thing as HIPAA-certified software, and being “compliant” does not mean an organization is as secure as it needs to be. While HIPAA is the name everyone knows, it is only part of the story regarding health information security and cyber defense.

Some Background on SOC and SOC Compliance

SOC 2®, or SOC for Service Organizations, was developed by the American Institute of CPAs (AICPA) as a means to report on the measures taken to ensure security, availability, processing integrity, confidentiality, and privacy. When a business, cloud provider, or SaaS solution is certified as SOC 2 compliant, it means an independent auditor has conducted an extensive examination of their policies, processes, and evidence of compliance. The auditor then issues a written opinion stating the subject has adequate controls in place for the scope of the service they provide.

When a data center says it is SOC 2 compliant, it relates to physical security measures, like requiring two- or three-factor authentication to enter the data center or providing redundant cooling, power, and internet pathways. The same is true for a cloud hosting provider such as Amazon Web Services (AWS) or Microsoft Azure. They are SOC 2 certified with respect to the processes they adhere to in delivering their cloud services. However, running a SaaS solution in a SOC 2 certified environment does not make the SaaS solution SOC 2 compliant.

The Responsibilities Customers Have

Whether as a sales tactic or through ignorance, some healthcare software vendors imply that their software is secure by running in a SOC 2 certified environment. However, there is much more to it than that. The SaaS solution provider must also go through the same rigorous, independent review to ensure all of their policies, processes, and procedures are in place and followed at the appropriate level before the solution can be called SOC 2 compliant.

As a customer, it is not just essential to have confidence in where the SaaS solution is being run; it is critically important to be confident in how it is managed and delivered. Security and privacy in healthcare are very black-and-white issues, and an organization never wants to find itself in a gray area when facing a HIPAA audit.

Lightbeam made the strategic decision and investment early on to ensure its SaaS-based population health platform is fully SOC 2 compliant. Currently, Lightbeam holds SOC 2 Type 2 certification, with the new 2020 report available for clients to review. Lightbeam’s solutions are also hosted in data center and cloud environments that are themselves SOC 2 certified. Lightbeam knows this gives customers the end-to-end assurance that their security, availability, processing integrity, confidentiality, and privacy are being rigorously managed.

It is vital to have a SaaS provider that shares the organization’s goals for how technology, data analysis, and data management support delivering high-quality healthcare while enhancing the patient experience. For more information about Lightbeam’s credentials and SOC 2 Type 2 certification as a population health management vendor, please feel free to email me at rsmith@lightbeamhealth.com.

Russ Smith is Lightbeam’s Vice President of Infrastructure & Security
