Litmus Health Achieves HIPAA Compliance and NIST Cybersecurity Framework Adherence for Real World Data Infrastructure

New York, NY, September 3rd, 2020 — Litmus Health, the research-ready infrastructure platform for real world data, today announced that an extensive third-party assessment of the company’s security practices has been completed. The assessment deemed Litmus infrastructure to be secure and compliant when measured against federal security regulations. The comprehensive evaluation reviewed Litmus’ processes and systems, assessing them to see whether they adhere to federal security standards. This includes HIPAA and FISMA compliance, as well as adherence to the NIST cybersecurity framework.


Specific system tests conducted included:

  • Assessment of controls supporting the confidentiality, integrity, and availability of the application and its supporting services.

  • Verification of all security policies and procedures implemented as part of the Litmus system. 

  • Verification that security events support individual accountability and allow for the review of all customer activities.

  • Inspection of security logs and audit archives to ensure that audit records are stored following policy requirements.

  • Verification that capabilities for remote system administration and unapproved services/protocols are disabled unless approved by organizational policy, including application management from our Cloud Platform.

  • Verification that the latest patches and updates on supported cloud software, including configuration management and system tracking processes, are applied.

  • Verification of access control mechanisms including auditing and privileged account access.

  • Verification of encryption methodologies for secure transport of system data, as well as review of end-to-end encryption for data transport and storage.


With the rise of real world data collection in the pharmaceutical industry, there has been increased demand for industry-wide data standards and established security protocols to ensure data integrity. Litmus serves customers interested in the collection, management, and analysis of real world evidence, improving clinical trial veracity by ensuring data collection is held to the highest standards.


“Data standards and security are the foundation for all of our customer engagements. We're excited to offer these review results as an additional measure of confidence in Litmus Health's information security efforts to maintain the public trust,” said Dr. Sam Volchenboum, cofounder and Chief Medical Officer of Litmus. “This assessment builds on Litmus’ established track record of leading by example, and practicing what we preach. Anyone incorporating wearables into their trials should demand nothing less.”


Litmus’ assessment was completed by IT Federal Services, a commercial security services organization specializing in providing information assurance and cybersecurity consulting services to government and commercial organizations.


IT Federal Services’ risk assessment consisted of an in-depth review of security controls, which included policies and procedures implemented for Litmus’ systems. The assessment also ensured the validity of any technologies based on the current architecture design and security protections with the application and data controls.


“After comprehensively evaluating Litmus Health’s systems and processes, I have full confidence in stating that they are adhering to the most rigorous security protocols in the industry,” said Dan Weiske, CEO and Principal Consultant of IT Federal Services. “I found their systems to be of the same level of standard as those of a federal system, which is particularly impressive for a company that is paving the way for new types of data collection.” 


With reliable data engineering, first-rate data quality, and flexible deployment, the Litmus platform is used by pharma companies globally that are looking to effectively integrate real world data into clinical trials. 


About Litmus Health

The answers we need are all around us. Litmus is research-ready infrastructure for real world data. We help our customers understand patient behavior and environment in multiple dimensions.


Litmus uses real life data collected at the point of experience from wearables, smart devices, and home sensors to guide management and inform both new and traditional endpoints. We help our customers increase the certainty of their conclusions and describe the full value of their work. From small observational studies to large scale registries, we help researchers unlock fundamentally new insights from remote and telemetric patient data.


To learn more, please visit: