Smile Digital Health Achieves ISO 27018 Certification

Smile’s new addition to its privacy certification is the best of both worlds—compliance and data protection.

TORONTO, CANADA -- July 11, 2023  – Smile Digital Health (Smile), a leading FHIR® health data fabric and exchange solutions provider, announced today that it has successfully implemented ISO 27018:2019, an international guideline focused on safeguarding personally identifiable information (PII) in cloud computing. 

ISO 27018 is entirely voluntary; however, Smile chose to extend their current certification of ISO 27001 with ISO 27018 to ensure their privacy information management system meets the most comprehensive guidelines when it comes to collecting, processing, storing, sharing and destroying PII and protected health information (PHI) data in the Cloud. Although the focus of ISO 27018 is data protection, it  also offers guidelines for the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and other regulatory compliance. Along with PII handling, ISO 27018 provides guidelines for third-party management for subcontractors and security incident management.

ISO 27018 certification is particularly relevant for customers of Smile’s Cloud-based Managed Services offering. Smile Managed Services is an end-to-end service package encompassing FHIR-based implementation, maintenance, security, and support for cloud or hybrid-deployed Health Data Fabric (HDF) solutions. Managed Services customers can trust that their data is safeguarded and won’t be used for any purposes other than those that they give consent for based on the ISO 27018 controls, objectives and guidelines.

“ISO 27018 ensures the data our Managed Services customers store, share and process in the Cloud is handled based on the highest level of privacy standards," said George Rollins, President, Smile Digital Health. “I’m proud that we can offer solutions and support that provide the security our customers look to us for. Our privacy information management system and all that our team has been able to accomplish in terms of certifications is truly impressive.”

“It’s important for us as we continue to grow our product and service offerings to ensure we are always operating with the highest standards when it comes to security and privacy. Our Managed Services solution made implementing ISO 27018 the obvious next step for us in terms of PII protection in the Cloud,” said Luis de Barros, Chief Privacy and Security Officer, Smile Digital Health.

Read the full press release here.