
Omada Health Achieves HITRUST CSF Certification

Leading Digital DPP Provider Meets Security, Privacy, and Compliance Requirements for Industry-Leading Certification

San Francisco, CA (August 14, 2017) – Omada Health, the leading provider of digital behavioral counseling for individuals at risk for type 2 diabetes and cardiovascular disease, today announced the company has earned Certified status for information security by HITRUST. With the HITRUST CSF Certification, Omada’s Orange and Kairos systems – those that contain, process or assess PHI – have been recognized as meeting key healthcare regulations and requirements for protecting and securing sensitive private healthcare information. Specifically, HITRUST certifies that Omada systems comply with all U.S. HIPAA security regulations, as well as PCI, ISO 27001 and NIST security standards.

Omada’s VP of IT and Security William Dougherty led the effort for Omada’s systems to earn certification. “Ensuring our participants’ personal health information (PHI) stays private and secure is our top priority. HITRUST provides independent, third-party attestation that our investments in infrastructure and security lead the digital health industry,” said Dougherty. “The best-in-class certification from HITRUST validates that not only are our systems set up to protect PHI – but that our policies, processes, and technical controls do the same.”

“One of our core values is ‘participants first,’” added Omada CEO Sean Duffy. “That means keeping health data safe. Thanks to the work of Bill and his team, our participants, current customers, and potential partners can contract with Omada knowing that we meet all industry-leading standards for protecting individuals’ PHI.”

HITRUST CSF Certified status indicates that the Omada Program has met industry-defined requirements and is appropriately managing risk, and places Omada in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

“HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive health information is accessed or stored in a cloud environment,” said Ken Vander Wal, Chief Compliance Officer, HITRUST. “We are pleased that Omada Health has taken the steps necessary to achieve HITRUST CSF Certified status, and we expect their customers to have confidence in this designation.” 

About Omada Health

Omada Health is a digital behavioral medicine company that inspires and enables people to change the habits that put them most at risk for chronic conditions like heart disease and type 2 diabetes. The company is the largest CDC-recognized provider of the National Diabetes Prevention Program, and since its founding, has enrolled more than 110,000 participants. Omada’s program combines proven behavioral science, the power of professional health coaches and peer groups, connected technology, and world-class design to deliver clinically-meaningful results. The company operates on a pay-for-outcomes pricing model that aligns incentives between Omada, customers, and participants. Omada Health was named a 2016 Technology Pioneer by the World Economic Forum, and one of Fast Company’s Most Innovative 2017. To learn more, visit

For more information, contact:

Adam Brickman