Smile Digital Health Completes SOC 2® Type 2 Examination 2024

Smile levels up their certification to continue to provide the highest security and compliance standards. 

TORONTO, CANADA -- June 11, 2024 – Smile Digital Health (Smile), a leading FHIR® health data platform and exchange solutions provider, announced today that it has successfully completed the System and Organization Controls (SOC) 2® Type 2 certification with a year reporting period. 

“When you’re a company whose products and services support making healthcare data actionable, data privacy and security is a number one priority. We want our customers to know that they can safely do more with their data because Smile Digital Health follows the very best healthcare industry security and privacy practices, such as the SOC 2®,” said Erin Prymas, Chief Revenue Officer, Smile Digital Health. “We will continue with annual recertifications for those standards and obtain new certifications relevant to our product portfolio as they become available.” 

Security is an integral part of Smile’s Health Data Platform solution. The SOC 2 Type 2 is one component of an ongoing certification plan that aligns to the highest security standards, ensuring that Smile is always safeguarding their clients’ data and providing the safest methods of storing, processing and exchanging sensitive information. Smile also has a host of other certifications including HITRUST from the Health Information Trust Alliance, (g)(10) from the Office of the National Coordinator for Health Information Technology (ONC) and various ISO certifications from the International Organization for Standardization. 

Developed by the American Institute of Certified Public Accounts (AICPA), SOC 2 is a security framework that specifies how organizations should protect client data from unauthorized access, security incidents and other vulnerabilities. The SOC 2 focuses on internal controls related to security, availability, confidentiality, processing integrity and privacy.

The SOC 2 Type 2 attestation report assesses the operating effectiveness of internal controls over an extended period of time. Gaining this next level of certification continues to solidify Smile as a leader when it comes to data security and privacy, which is key to its clients and prospective customers when working with the type of personal data they need to analyze and share regularly.

“Obtaining the SOC 2 Type 2 2024 recertification has been a key goal of this company as set in our Privacy and Security roadmap. Our clients and partners now have additional evidence of how we operate our services and ensure the protection of data as per our own stringent policies,” said Luis de Barros, Chief Privacy and Security Officer, Smile Digital Health.

The SOC 2 audits a wide range of tasks. Some of these include vulnerability scanning and management, testing of recovery plan procedures and monitoring various aspects of the retention period of data. This high-level summary barely touches on the areas available to audit and in turn showcases the extensive nature of the SOC 2.