Syapse Expands Security Posture with HITRUST Certification


By Vinod Subramanian


Patient data collected from electronic health records, molecular testing and patient reported outcomes is powering many of the most exciting advances in medicine today. Because of this, these data are among the most valuable and sought after in the world. They are also very personal. Behind every datapoint is a human being and these people deserve the public and private sectors’ best efforts in protecting them from nefarious use.  

At Syapse, we are stewards of our health system customer’s data.  We collaborate with health systems around the world to enable insights that support better cancer care and treatment. These insights rely on the availability of high-quality patient data. In aggregate, these data can help providers identify what treatments may work best based on similar patients, share insights with colleagues, interpret genetic tests and identify potentially life-saving clinical trials. 

Today, we are proud to announce that Syapse has received HITRUST CSF certification for our precision oncology platform. This certification audits healthcare-specific security, privacy and regulatory requirements including HIPAA, NIST, ISO and COBIT as well as industry best practices and provides a single evaluation framework that is designed for the unique needs of Syapse’s health system customers.  

The precision medicine solutions that Syapse provides to its health system customers are developed with a comprehensive understanding of the risk environment and the corresponding needs they identify. For example, every health system working with Syapse retains all access and usage rights to their organization’s data. In addition to the HITRUST CSF certification, Syapse has instituted safeguards, policies, and procedures to protect health system data in compliance with federal health laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), as well as various state data privacy laws across the country.

The landscape of available security frameworks is vast. We chose HITRUST CSF because it was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations like ours address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls today, and into the future.

Information security is a journey without a defined end place. Meaning, the threat landscape is ever-changing and there are always new technologies and regulations to consider when establishing a security posture. At Syapse we are committed to this journey and our close collaborations with our customers to ensure the highest levels of transparency and diligence in protecting their data.