Our Commitment to Security & Compliance

At Nimble Health, we take data security seriously. As part of our commitment to protecting sensitive information, we have adopted the HITRUST CSF v11.3.2 r2—a globally recognized framework that integrates multiple security, privacy, and compliance standards.

Achieving HITRUST CSF r2 Certification on our first attempt in under a year with an exceptional score demonstrates our commitment to meeting the highest standards of data protection, risk management, and regulatory compliance. This ensures our customers and partners can trust us with their most sensitive information.

HITRUST Certification Status

Valid Until: December 12, 2026

Certification Scope:

In-scope Platforms:

  • Health Data Management System (HDMS) residing at AWS Datacenter
  • Health Data Management System – DW residing at AWS Datacenter
  • Health Data Management System – Integration residing at AWS Datacenter
  • Nimble Health CRM residing at Salesforce Hyperforce Instance

In-scope Facilities:

  • AWS Datacenter (Data Center) managed by Amazon Web Services located in Northern Virginia Area, United States of America
  • Salesforce Hyperforce Instance (Data Center) managed by Salesforce.com located in Oregon, United States of America
  • Tampa Contact Center (Office) located in Tampa, Florida, United States of America

As part of our HITRUST CSF r2 Certification, Nimble Health has also obtained a HITRUST NIST CSF Report with Certification, demonstrating that our information protection program aligns with the objectives specified in the NIST Cybersecurity Framework v1.1.

For additional information regarding our HITRUST CSF r2 Certification, HITRUST NIST CSF Report, or overall security posture, please visit our Trust page.

Why HITRUST Matters to You

Our HITRUST CSF r2 Certification and HITRUST NIST CSF Report with Certification simplify compliance and strengthen your security posture.

Compliance & Regulatory Standards

In addition to HITRUST r2 certification, Nimble Health aligns with industry-leading security and compliance frameworks, including:

  • HIPAA (Health Insurance Portability and Accountability Act)
  • ISO 27001 (International Standard for Information Security)
  • NIST Cybersecurity Framework
  • SOC 2 Type II (Security, Availability, Confidentiality)

We continuously update our security posture to stay ahead of evolving threats and regulatory changes.

Trust & Transparency

At Nimble Health, we believe in full transparency when it comes to security. We utilize an integrated cybersecurity risk management platform that combines third-party security ratings, automated security assessment questionnaires, and continuous monitoring tools to identify and mitigate risks in real time.

This approach enables us to assess vendor security postures, manage compliance risks, and proactively address cybersecurity threats, ensuring a strong and resilient security framework. Our comprehensive risk management solutions provide a clear view of our organization’s and third parties’ security postures, allowing us to respond swiftly to emerging vulnerabilities.

If you have any questions about our HITRUST CSF r2 Certification, HITRUST NIST CSF Report, security policies, or compliance efforts, please reach out to our team.