Wildflower’s Unwavering Commitment to Your Data Security

In today's digital landscape, the security of sensitive information is non-negotiable. At Wildflower, the security of protected health information (PHI) and proprietary data is a top priority. To ensure we meet and exceed industry standards, we maintain two of the most stringent and respected security certifications available: the HITRUST r2 Certification and the SOC 2 Type II Certified Platform.

Why go through the intensive process of obtaining and renewing these certifications? They represent independent, third-party verification that our policies, procedures, and entire infrastructure are designed to meet or exceed recognized industry security and risk management standards.

  • Data Protection: Safeguarding proprietary information and personal data. 

  • Breach Prevention: Reducing risks that could lead to severe financial or reputational damage. 

  • Third-Party Trust: Validating our security commitment through external audits to build client and consumer confidence.

 

Q&A: Unpacking Wildflower's Commitment to Data Security with HITRUST and SOC 2

In conversation with Wildflower’s security, compliance and data leaders

Q: Why does Wildflower maintain both certifications?

A: Maintaining both the highly rigorous, healthcare-focused HITRUST r2 Certification and the operationally focused SOC 2 Type II Certified Platform is a strategic choice that underscores our mission. This dual verification provides comprehensive security assurance across every facet of our business, creating a foundation of trust for both our clients and the consumers who rely on us.

At Wildflower, security is not just a checkbox; it is a collaborative effort woven into our culture. Our organizational buy-in from every employee is critical for the successful renewal of these certifications, and it ensures that we continue to protect your data with the highest level of care.

 

Q: What is the HITRUST r2 Certification and what does it cover?

A: The HITRUST (Health Information Trust Alliance) r2 Certification is the gold standard for security in the healthcare industry. This is the certification our team considers the more stringent one, and with good reason. It’s built upon a foundation of multiple leading security standards, including controls mapped to HIPAA requirements and best practices from the NIST (National Institute of Standards and Technology) framework. 

Achieving this certification requires a rigorous, comprehensive review across the in-scope environments and operations. This means that not just our servers, but our policies, our procedures, and the security of data in both virtual and physical environments have been scrutinized. Unlike other assessments, HITRUST has a governing body that strictly reviews our evidence, ensuring we meet a minimum evidence age before issuing the formal certification.

 

Q: What does the SOC 2 Type II Certified Platform cover?

A: The SOC 2 (Service Organization Control) Type II Certified Platform provides proof of our ongoing operational excellence. This set of standards focuses on the controls of a service organization, and can cover up to five key Trust Services Criteria. 

The Type II distinction confirms that we don't just have security controls, but that they have been tested and proven to be effective over a specific period of time. Our SOC 2 assessment also includes important operational factors like HR activities to ensure security is truly integrated into our company culture. Together, this certification and our annual review process ensure that our commitment to security is not static but continuously improving.

 

Q: How do a platform’s HITRUST and SOC 2 certifications support health plans, payers and patients?

A: Maintaining both certifications gives us a comprehensive, multi-framework security approach that benefits both our institutional clients and the patients we serve:

Benefits for Our Clients (Health Plans, Systems, Payers, Employers)

  • Reduce your vendor risk because we meet the highest industry standards.

  • Streamline your own compliance requirements by handling the most intensive security demands (especially for HIPAA).

  • Prove our trustworthiness through an independent third party, which is essential for new and existing partnerships.

Benefits for Our Patients and Consumers

  • Confidence that your protected health information (PHI) is secured by independently verified practices.

  • Assurance that your privacy policies are reviewed and kept up-to-date.

  • A company culture where security is everyone's responsibility.

 

Wildflower’s security, compliance and data leaders

Deryle Davis, Compliance Manager

Brad Dunbar, Systems Operations Director

Keith Jaeger, Chief Technology Officer