pulseData achieves SOC2 Type II Compliance

pulseData is dedicated to ensuring the privacy, confidentiality, and availability of the data entrusted to us by our customers. In this dedication we pursue ever-higher standards of security with newer systems, technologies, and practices with regards to data security. Today we are pleased to announce that pulseData has earned our SOC2 Type II compliance report.

What is SOC2 Compliance?

SOC stands for System and Organizational Controls and is a framework developed by the American Institute of Certified Public Accountants (AICPA) to provide regular, independent attestation and verification of the controls that a company has implemented to mitigate information-related and data-related risk.

SOC2 reports have two versions: Type I, and Type II.

Type I captures the protections and controls of a business at a single point in time, allowing for verification of policies and systems.

Type II tracks and monitors these protections and controls of a business over a period of time, which verifies not only the policies and systems but also verifies that they are used according to policy during day-to-day activities.

What does SOC2 Type II compliance mean for our customers?

Achieving our SOC2 Type II compliance means that we are following through on our dedication to continue to safeguard our client’s data, as well as our own data.

The SOC2 report is the standard bearer for cybersecurity attestation. A SOC2 compliant business is awarded a badge when a third party auditor verifies that they implement proper physical, technical, and administrative protections to secure their infrastructure and information.

With our auditor’s attestation of our SOC2 Type II compliance we display the AICPA SOC badge on our website, proud to have earned this badge reflecting our commitment to our clients and our understanding of the importance of ensuring safety and security in data storage and management.

What is involved in a SOC2 Type II audit?

In a SOC 2 Type II audit, the business brooks an examination of the policies, procedures, and systems they have in place to protect information across five distinct categories referred to as “Trust Services Criteria.” More details on each below.

The auditor requests evidence submissions from certain days and times over the course of the audit period (minimum three-months) and then reviews this evidence to determine whether or not the business has satisfied the criteria.

Security

Controls that protect against unauthorized access or damage to systems as well as unauthorized disclosure of confidential or proprietary information. Examples of these criteria include endpoint protection and network monitoring.

Availability

Controls that ensure systems operations and availability at a level that meets stated business objectives. Examples of these criteria include performance monitoring and disaster recovery solutions and policies.

Processing Integrity

Controls that ensure systems perform in a predictable, efficient, and error-free manner. Examples of these criteria include software development lifecycle management and quality assurance procedures.

Confidentiality

Controls that protect confidential information throughout its lifecycle from initial ingestion to processing and finally to disposal. Examples of these criteria include encryption policies and identity and access management solutions.

Privacy

Controls specific to protecting personal information, especially that which is captured and collected from customers or clients. Examples of this control include privacy policies and client consent management.

The Issue

Kidney Disease is a huge contributor to the cost of healthcare in the US

pulseData uses data to provide visibility into the impact and cost of kidney care in your population.

Our solution is simple: we focus on the patient. We’re the fastest way to understand your patients and their future, and how to improve it.

Using your data we predict which patients are at-risk for Chronic Kidney Disease and End Stage Renal Disease, we can improve health outcomes and save on spend.

To do this, our solution must impact the care lifecycle, from data to delivery.

1
Analyze

Analyze health records for member cohort across claims, EHR, labs, meds, notes etc.

2
Identify

Identify at risk population with highest CKD/ESRD risks and individual factor weights

3
Communicate

Communicate and coordinate workflows and encounters with patient and provider consent (RN, MD, NP, SW)

4
Support

Informed kidney care decision, support, centered around improved outcomes and quality of life