Security Trust Center


Challenges of Securing Patient Health Information

In the world of healthcare, information security is vital. Companies dealing with patient’s personal health information must meet key healthcare regulations and requirements for protecting and securing all materials and data to avoid an information security breach. Achieving security certification by trusted third-party organizations can assure partners and patients that their information is maintained with the highest level of security. Please see below regarding our HITRUST Certification.

Security refers directly to protection, and specifically to the means used to protect the privacy of health information and support professionals in holding that information in confidence.  The concept of security has long applied to health records in paper form; locked file cabinets are a simple example. As use of electronic health record systems and transmission of health data has grown, the need for regulatory guidelines specific to electronic health information has become more apparent.  The HIPAA Security Rule provided the first national standards for protection of health information.  Addressing technical and administrative safeguards, the HIPAA Security Rule’s goal is to protect individually identifiable information in electronic form subset of information covered by the Privacy Rule’s while allowing healthcare providers appropriate access to information and flexibility in adoption of technology.

Breaches to confidentiality now face more serious penalties given modifications to both the HIPAA Privacy and Security Rules following publication of final rule provisions of the HITECH Act.  Solera Health fully understands these rules and has implemented them in all cloud hosted services making Solera health one of the leading Cloud Solutions Integrator in Healthcare.

Solera Health Secures Patient Health Information in the Cloud

As a company, we promote data privacy and security in a cloud-based environment and work exclusively within the healthcare cloud space. Solera offers a proprietary Platform as a Service (PaaS) that connects a nationwide network of community organizations and digital solutions for chronic disease prevention programs (including the Centers for Disease Control and Prevention’s National Diabetes Prevention Program) with technology that manages service referrals, reimbursement and payment, aggregates data, simplifies enrollment, and supports increased consumer engagement and choice.

We understand that Protected Health Information (PHI) is personal and private, and we are dedicated to maintaining the accessibility, integrity, and security of Protected Health Information.

Solera Health’s trusted cloud platform makes it possible for healthcare companies to strengthen compliance and improve security, while allowing them to leverage valuable business functionality across all key digital channels. Solera Health is dedicated to helping our customers be more secure and compliant when accessing cloud services.

We have implemented reasonable and appropriate administrative, technical, and physical safeguards designed to protect PHI from unauthorized access, use or disclosure.  All Information provided to us is stored with an authorized, healthcare protected cloud services provider.  These safeguards include, without limitation, encrypting all Personal Information and Protected Health Information.

Solera Health gains HITRUST Certification in Securing Patient Health Information

Solera Health has earned a certified status from the Health Information Trust Alliance (HITRUST) high-level security framework. The HITRUST Common Security Framework (CSF) certification provides assurance to Solera’s health plan, employer and health system clients that Solera meets the healthcare industry’s highest standards in protecting healthcare information and managing risk.

By creating a culture of compliance and completing the steps necessary to obtain the HITRUST CSF Certified status, Solera is distinguished as a company that our payer and Diabetes Prevention Program provider partners, and their participants, can trust to secure protected health information. With the HITRUST Certification, Solera Health can continue to scale securely.

Solera Health Achieves HITRUST CSF Certification

About HITRUST CSF Certification

The HITRUST CSF was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, certified organizations meet a diverse set of requirements through comprehensive and scalable security controls.

view certificate

How Solera Handles Data Security

Solera Health has years of experience in building enterprise level software solutions and running some of the most secure online services. We have used this experience to build a robust set of security technologies and practices into the Solera Health infrastructure and platforms.

Solera performs rigorous due diligence of downstream Diabetes Prevention Program (DPP) providers. DPPs in our network are able to offer clients a much greater sense of data privacy/security when utilizing nonclinical community and digital providers.

The Solera platform provides healthcare companies with robust security features at the infrastructure, network, and application layers. Additionally, healthcare companies can safeguard their sensitive data with granular controls including two-factor authentication, role-based user access policies, and record and field-level encryption.


Solera’s platform encryption service maintains encrypted data at rest by using strong certified standards while making every field encryption-aware, so that features that use encrypted fields still function. There’s no reason to sacrifice usability for security within the Solera platform. This is because data at rest is encrypted at the metadata layer, making it possible for application functionality to remain intact.

Solera’s platform encryption uses AES-256 secure encryption of data in transit and at rest. We also maintain a sophisticated, FIPS 140-2-certified, HSM-based, key management architecture. The key management approach gives Solera complete control over the lifecycle of encryption keys. Capabilities include:

Compliance Standards

Solera verifies that our services meet the highest compliance standards and can demonstrate how we achieve compliance to our customers.

Please contact Solera Health’s Compliance for any questions regarding Data Security or Compliance processes involving Data Security at: