Data Protection and Security

Data security and privacy at symplr

At symplr, securing customer data is a core focus in our product development. We integrate robust security measures into all our SaaS solutions. Our policies, practices, and technologies are designed to safeguard your data across symplr products and services. We are committed to implementing best practices to mitigate potential threats, allowing you to focus on optimizing healthcare operations for your organization.

We pride ourselves on our commitment to data protection and information security, especially as cybersecurity is one of the top concerns for healthcare organizations. At symplr, we are pleased to demonstrate our value as a trusted partner, protecting customer organizations’ highly sensitive and personal data.

BJ Schaknowski

CEO, symplr


Transparency and data protection

Cyberattacks on healthcare organizations pose significant threats, compromising systems, patient safety, and disrupting operations. Consequently, there’s increased demand for robust data protection from technology providers.

At symplr, transparency is paramount. We are always clear about our policies, operational practices, and technologies to help ensure the security, compliance, and privacy of your data across symplr products and services.

Our commitment to you

Shield Lock _Group A

We understand that when you use our solutions and services, you’re entrusting us with one of your most valued assets—your data. We are committed to transparency regarding our policies, operational practices, and technologies, helping you understand our approach to data security and privacy.

Rating Star Winner _Group A

symplr fosters a security-focused culture as evidenced by our Secure by Design Pledge. We strive to adopt and implement security best practices to support a more secure infrastructure for our customers.

Cog Gears_Group A

Our commitment to cybersecurity and privacy is demonstrated by leveraging best practices in technology and processes for data collection, processing, and management.

Secure by Design Pledge 

symplr is proud to support the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge, underscoring our commitment to a proactive cyber and information security. This initiative’s seven core goals aim to foster a preemptive and resilient cybersecurity environment. The pledge aligns with symplr’s dedication to adopting and advancing information security best practices and the symplr secure-by-default development processes.

SecurityScorecard "A" Rating

Because security is an ongoing journey, at symplr we continually invest in enhancing our cybersecurity and privacy posture. This commitment is reflected in symplr’s "A" rating from SecurityScorecard (as of June 6, 2024) across 10 risk factors: network security, DNS health, patching cadence, endpoint security, IP reputation, application security, cubit score, hacker chatter, social engineering, and information leak.

Accredited security and data protocols

symplr’s security and privacy strategy encompasses our software products, the guidelines and technology tools we deploy, and our internal processes. Our security measures are verified and accredited by the top industry certifications, as measured by leading independent third parties. We adhere to industry standards that are designed to protect data and security compliance.


symplr_Iconography_GroupD_24 star white
Service Organization Control Type 2 (SOC 2) Compliance

Customer data is processed and handled properly following a well-known set of security and privacy standards. Currently, 29 symplr products are SOC 2 Type II compliant. symplr Talent Suite has additionally achieved SOC 1 Type II compliance.



HITRUST Certification

symplr Payer, symplr Contract, and symplr Clinical Communications have all achieved certified status from HITRUST by demonstrating compliance with a comprehensive set of regulatory and industry standards for information risk management and data protection.

Security Protection

Leveraging a multi-layered security approach, including advanced solutions and services, to help prevent and control unauthorized activities and cyber threats.

Continuous Application & Perimeter Testing

Continuously testing our applications and defensive mechanisms with real-world scenarios to identify potential vulnerabilities, strengthen our network, and enhance incident response plans.

HIPAA Secure & Privacy

symplr products comply with HIPAA Security and Privacy regulations. Internal controls and training promote adherence to data and privacy compliance when data is manually shared or processed.

Internal Culture of Compliance

Executive support, continuous training, access controls, and a proactive posture on cybersecurity encourage our employees to be a strong defense against potential threats.

At symplr, we are steadfast in our dedication to customers to ensure healthcare workers have more time to focus on patient care, and security has a big role in that. While recognizing there are inherent risks, we take proactive measures to help strengthen our security protocols and continually improve. Our Secure by Design pledge, SOC 2 attestations, and HITRUST recertification for symplr solutions underscore our dedication to preventing and protecting against future threats by safeguarding sensitive data, recognizing that healthcare systems cannot afford disruptions.

Saeed Valian

Chief Information Security Officer, symplr

Have an issue to report?

If you are a current customer looking to report an issue or event, please reach out to customer support.