PLANO, TEXAS— March 19, 2019—Vivify Health, the developer of the nation's leading connected care platform for holistic patient care and engagement, announced its Pathways™ platform has earned a Service Organization Control 2 (SOC 2) Certification, which is the result of a rigorous, third-party security and availability audit of its technology and processes. Pursuing and earning the audit attestation is another demonstration of Vivify Health's unified, all-out effort to be the best-in-class and industry-leading remote patient care technology, demonstrating their commitment to data security through the practices and procedures it follows for protecting against unauthorized access, maintaining the availability of its service, and protecting the confidential information of its customers. highest patient data protection standards.

"Exceeding the highest ePHI and other data-security standards is and will always be one of our core values," said Michael Hawkins, Chief Technology Officer of Vivify Health. "That is why we devoted the significant time, personnel and technical resources to successfully complete the AICPA's SOC 2 audit and report. Our mission to help detect and prevent ePHI and other data breaches across the care continuum is always of top priority. We will continue to develop robust technology safeguards and secure information-sharing processes to ensure our patients', providers', and payers' data remains private and protected."

SOC 2 Audit compliance is a stringent security and availability audit program for service organizations developed by the American Institute of Certified Public Accountants (AICPA). The purpose of the SOC 2 audit and report is to provide industry-recognized and verifiable third-party assurance that Vivify Health has designed and implemented effective security controls to safeguard federally regulated electronic Protected Health Information (ePHI), as well as other confidential or private data.

The SOC 2 report was issued by an independent CPA firm, Coalfire Controls, LLC, and included an unmodified opinion on Vivify Health's controls relative to the audit's Security and Availability Trust Services Categories and Criteria.

During the examination, the independent auditors evaluated and tested controls over the following domains:

• Control environment

• Risk Assessment

• Communication and Information

• Risk Mitigation

• Monitoring Activities

• Control Activities

• Logical and Physical access controls

• System operations

• Change management

• Additional Criteria for Availability


About Vivify Health
Vivify Health is the innovative leader in connected healthcare delivery solutions. The company's mobile, cloud-based platform powers holistic remote care management through personalized care plans, biometric data monitoring, multi-channel patient education and functionality configured to each patient's unique needs. Vivify Health serves the nation's largest and most progressive health systems, healthcare organizations and employers—empowering clinicians to proactively manage the complexities of remote care and catalyzing employee health and productivity with a single-platform solution for all device and digital health data. The comprehensive, content-rich platform and turnkey workflow services enable providers to intuitively scale and maximize value across populations. For more information about Vivify Health, visit www.vivifyhealth.com. Follow us on Twitter and LinkedIn. Visit our Company Blog to access case studies, thought leadership, and news.