October is Cybersecurity Awareness Month, but for Glooko, the only diabetes management company with multiple industry-leading security certifications, our commitment to protecting patient health data is a year-round mission.
According to Glooko CEO Mike Alvarez, one of our diabetes management company’s core differentiators is our commitment to patient safety and data privacy, which enables us to build and maintain trust with hospitals, health systems, clinics, and people living with diabetes.
As the healthcare industry faces rising cyberattacks, Glooko understands that securing health data and ensuring the security and privacy of this sensitive information is not just a policy — it’s a core responsibility.
Building a Foundation of Trust Through Security Certifications
Security isn’t a single feature you can switch on; it’s a comprehensive framework built on continuous commitment, sophisticated technology, and rigorous auditing.
As the most secure diabetes management platform, Glooko has invested heavily in achieving and maintaining a number of rigorous global security certifications and standards, which serve as a powerful testament to the maturity and diligence of our security practices that safeguard the sensitive personal and health data of our users with diabetes.
Here are the key standards and certifications that build Glooko’s security backbone:
- ISO 27001: This globally recognized information security management standard outlines requirements for an information security management system (ISMS). Achieving this certification means an organization has a systematic approach to managing sensitive company and customer information.
- SOC 2 Type II and SOC 3 Certification: These internationally recognized global reporting standards, validated by an auditing firm, verify that Glooko’s controls across its employees, systems, and processes fully secure all customer data, software, and company assets.
- HITRUST Risk-based, 2-year (r2) Certification: Achieving this healthcare industry gold standard confirms that our stringent, independently audited security controls meet the highest requirements of frameworks like HIPAA and NIST. This places us in an elite group dedicated to protecting sensitive patient health data.
- HIPAA Compliance: This U.S. federal law ensures the protection of sensitive patient health information from being disclosed without the patient’s consent or knowledge.
- The NHS Digital Data Security and Protection Toolkit (DSPT): For operations in the U.K., this framework ensures that patient data is handled securely and in a way that respects privacy.
- GDPR: This comprehensive European Union law gives individuals control over their personal data by setting strict rules for how organizations worldwide must collect, process, and protect that information.
How Diabetes Patient Health Data is Protected on a Day-to-Day Basis
Beyond the certifications, hundreds of controls are implemented to ensure data remains secure at Glooko. Our approach, covering protection, defense, response, and recovery, includes:
- Continuous Vulnerability Management: Regular penetration testing and vulnerability scans are conducted to proactively identify and address potential weaknesses in our systems.
- Internal Governance: A dedicated governance board oversees our diabetes management company’s policies, ensuring that security and privacy are considered in all decisions.
- Employee Training: A core element of any security strategy is the people. Team Glooko receives regular, mandatory training on data security and privacy protocols.
- Privileged Access Management: Policies are in place to ensure that only authorized personnel have access to sensitive information.
- Secure Software Development Lifecycle (SSDLC): Security code reviews, threat modeling, and static and dynamic code scans are completed during the software development lifecycle.
Your Data, Your Control
A crucial part of data privacy is the user’s right to control their information. We make it clear that personally identifiable data is never shared without explicit consent. When using the platform through a healthcare provider, Glooko functions as a part of the healthcare provider’s operations, always adhering to the same stringent privacy standards.
Our Constant Commitment to Protecting Patient Safety
Cybersecurity Awareness Month is a great starting point, but data protection requires constant, evolving, and year-round efforts because threats are always changing.
Through a combination of robust technical controls, a culture of security, and adherence to global standards, Glooko’s commitment to trust and privacy is a fundamental part of our connected care company beyond October.