Global 
Germany 
Spain 
France Committed to safeguarding patient health data
The only diabetes management company with multiple industry-leading security certifications
Trusted leadership and rigorous governance drive patient safety
and data protection
As cyberattacks on healthcare systems escalate, protecting patient data is more critical than ever. At Glooko, data privacy and security are core to our mission. We’re certified by leading global security and privacy organizations, with robust controls validated through annual third-party audits in the U.S. and Europe. These measures help secure sensitive data, ensure access, and reduce breach risks.
Our leadership is deeply engaged, with formal governance and regular reporting to our Board of Directors. Data protection is embedded in our culture as we continue to meet evolving healthcare compliance and privacy standards.
Secure EHR Integrations
Easier integration into EHR’s clinical workflow, simplifying burden on healthcare administrators.
Protecting Patient Data
Prevents unauthorized access and misuse of patient data
Trusted and Audited
Annually tested controls ensure the security of our software, systems, processes, and team.
Smart Investment
Significantly reduces supplier risk and potential costs with an expert security team.
Leading global security and privacy
certifications
ISO 27001 is an international information security management standard from the International Organization for Standardization and the International Electrotechnical Commission.
The leading approach and certification recognizes the health and robustness of an organization’s overall information security program, while helping an organization safely and securely manage and protect its assets in a systematic and cost-effective way.
With a focus on confidentiality, integrity and availability, Glooko achieved the three-year ISO 27001 certification after an audit by TUV, an accredited international third-party firm, that attested that Glooko is compliant with the framework.
Glooko has achieved SOC 2 Type II and SOC 3 certifications.
This globally recognized extensive reporting standard provides independent validation from a sophisticated, international, third-party auditing firm that Glooko has all the required controls in place for their employees, systems and processes to ensure the security of customers’ data, its software and company.
These accredited third-party auditors have certified that Glooko’s attested security controls and policies work extremely well in securing patient health data.
Glooko uses OneTrust, the number one privacy platform in the world to ensure website compliance with CCPA, GDPR, LGPD and hundreds of the world’s privacy laws and frameworks.
OneTrust ensures transparency and consent for online tracking.
HIPAA compliance, as supported by Glooko’s HITRUST certification, involves fulfilling the requirements of the Health Insurance Portability and Accountability Act of 1996, its subsequent amendments, and any related legislation such as HITECH.
Compliance ensures that technical, physical and administrative safeguards are in place and adhered to, and that they comply with the HIPAA to protect the integrity of patient health data.
HITRUST is the standards and certification body that helps organizations achieve information security, privacy and regulatory compliance goals through comprehensive and innovative solutions.
Glooko’s HITRUST Risk-based, 2-year (r2) Certification, the industry gold standard, combines security standards set by HIPAA, NIST, COBIT and many more.
HITRUST certification places Glooko in an elite group of organizations worldwide and proves that its attested security controls meet these standards of protecting sensitive patient health data.
HITRUST certification is a globally recognized, validated assessment conducted by an accredited Silicon Valley-based, third-party auditing firm that certifies that a company’s security policies, procedures and practices are compliant with HIPAA, the U.S. federal regulation protecting patient health data.
HITRUST certification demands best practice security safeguards and sets the highest bar for proof of a company’s security posture.
For any security issues or questions, please reach out to [email protected].
The Data Security and Protection Toolkit is an online self-assessment tool that allows organizations to measure their performance against the ten data security standards around people, processes and technology of the National Data Guardian, an organization in England that challenges the healthcare system to help ensure that citizens’ confidential information is safeguarded securely and used properly.
All organizations that have access to the United Kingdom’s National Health Service patient data and systems must use this toolkit to provide assurance that they are practicing good data security and that personal information is handled correctly.
Frequently Asked Questions
How do we safeguard patient health data?
At Glooko, we strive to ensure patients’ sensitive health data is secure, private and available only when it is needed.
We know that health data is critical and sensitive. Our digital health platform leverages security best practices, follows leading frameworks like the Health Information Trust Alliance Common Security Framework, and can show compliance to U.S. regulatory statutes like HIPAA to ensure that all customer data is safeguarded.
We have independent third parties regularly conduct penetration testing and independent cybersecurity risk assessments, and we monitor our platform for vulnerabilities and any unusual behavior. Our connected care platform is designed for redundancy and resiliency, and we have strong policies, procedures and practices to assure security through hundreds of technical, organizational, and procedural controls.
What do we do with patient's health data?
We take the protection of sensitive personal data seriously and do not share identifiable information without consent. When Glooko is used through a healthcare provider, that provider will access the patient’s data to support diabetes management, such as during a clinic visit. In this context, Glooko functions as part of the provider’s broader healthcare operations, similar to other systems they use in delivering care.
What are our internal controls over data privacy and security?
At Glooko, our practices ensure that security and privacy remain paramount and are not dismissed for expediency or profit.
We have documented policies that lay out our expectations for security and privacy. We also have a formal, adopted data ethics policy that outlines the proper treatment of sensitive data. Our governance board for security and privacy that helps drive critical decisions and ensures proper prioritization and resource allocation for security and privacy efforts. Employees undergo regular training on data privacy and security, and follow strict access control and password management protocols. Glooko’s leadership team truly believes that the effort to lead in data security and privacy protection is worth it, because trust with our customers and partners is worth it.