PrescribeWellness Attains Service Organization Control Type II (SOC 2) Compliance

Follow by Email

IRVINE, Calif.—June 26, 2018—PrescribeWellness, a leading cloud-based patient relationship management solutions company that inspires collaboration between pharmacies, payers, providers, pharmaceutical companies, and their patients for better health, today announced that it has attained Service Organization Control Type II (SOC 2) compliance—independent validation that the company’s internal security controls are in accordance with the American Institute of Certified Public Accountants’ applicable Trust Services Principles and Criteria.

“It’s no secret: healthcare data is very valuable, which is why the healthcare industry currently suffers from the largest cybersecurity attack surface,” said Todd Plesco, Chief Information Security Officer of PrescribeWellness. “In order to legitimately combat these threats, healthcare companies cannot remain complacent. In attaining SOC 2 compliance, PrescribeWellness is demonstrating a strong commitment to cybersecurity, information assurance and protecting the interests of our clients—now and in the future.”

“This creates an added degree of confidence that PrescribeWellness’ running controls are mitigating cybersecurity risks,” added Raymond Pompon, principal threat research evangelist at F5 networks and author of “IT Security Risk Control Management.”

Many healthcare companies assume security policies and protocols are in place by relying on the SOC 2 attestations attained by their data center or third-party providers. PrescribeWellness opted for a more rigorous approach and worked with independent certified public accounting firm BDO USA, LLP, to perform a thorough, in-depth audit of the control objectives and security activities of the organization.  

In making assessments for SOC 2 compliance, auditors monitored to see if PrescribeWellness security policies and protocols were maintained based on the systems and processes in place and determined the extent to which they were in compliance with the five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

Contrary to popular belief, a third-party SOC 2 does not ensure that your technology partners safeguard data in an application or with employee access. But an internal does,” said Yesi Orihuela, Chief Technology Officer of PrescribeWellness. “In attaining compliance, PrescribeWellness is signaling the value and emphasis it places on information security. The time for pharmacy, payer, pharmaceutical constituents, and the healthcare community at large to change the discussion and start focusing on their own organizational security is now—and long overdue.”     

About PrescribeWellness

PrescribeWellness is a leading cloud-based patient relationship management solution company that inspires collaboration between pharmacies, payers, providers, pharmaceutical companies, and patients for better health. PrescribeWellness enables cooperation between disparate healthcare systems for better health across America by connecting patients to locally owned community pharmacies. Its proprietary cloud-based platform empowers pharmacists to provide more effective preventive healthcare services, which improve medication adherence, chronic disease management, transitions in care, and population health. With data integration and behavioral science as the foundation, PrescribeWellness software solutions position the pharmacist at the center of community healthcare prevention. Inc. 5000 named PrescribeWellness one of America’s Fastest Growing Privately-Held Companies for the past three years. For more information, please visit

Media Contact:

Alessandra Nagy

Get the latest posts in your inbox!