Interview: How Caspar Health improves information security and data privacy through the ISMS certification

by Jann Gerrit Ohlendorf at April 25, 2023

The ISMS team around Abhilash Thobias with Christian Otto, Elisabeth Hegele, Max von Waldenfels, Nadiia Kotelnikova, Cordula Siepmann and Konstantin Dubiel, as well as Britta Robens and Sebastian Knapp (the two inserted in the picture greeting from remote) is excited about the certification.

Caspar Health handles information and data with particular care. For a company that works with healthcare data, this should go without saying. However, not every company in this industry can demonstrate such stringent standards regarding information security and data protection and security.

Through our certification of the Information Security Management System (ISMS) in line with the requirements of the global ISO 27001 standards, Caspar Health is now able to offer customers data protection of the highest standard

Abhilash Thobias

Abhilash Thobias

To learn more about the importance of ISMS, we sat down with our ISO Information Security Officer Abhilash Thobias to discuss what advantages this certification has for patients and our partner clinics. Furthermore, we talked about what the certification changes in terms of how Caspar Health works, and why it usually take much longer for companies to complete it.

Why did it make sense for Caspar Health to go through a complex
certification process for validating our Information Security Man-
agement System (ISMS)?

When operating in Europe – especially in Germany – we as consumers know how valuable our data is. As a company, it’s especially important to us at Caspar Health to be mindful with our patients’ data. This was something that we understood from a very early stage.

From the beginning, we were already taking concerted measures to ensure our patients’ trust. With this certification, our intention was to offer an additional layer of protection – to give patients and partner clinics that extra confidence when they decide to work up with us.

What is an ISMS in practice, and what practical advantages have we been able to achieve for patients and our partner clinics through this certification?

In simple terms, ISMS is a management style put in place to ensure that the appropriate steps are taken to make certain that information flows securely through the company. We want patients to rest assured that we’re doing everything in our power to keep their data safe.

In practice, this means, that from the moment a patient signs up with Caspar Clinic or through a partner clinic until the time when they discuss the results of their therapy after many months of training, exercises, and webinars, all the information they’ve given to us is handled with maximum level of privacy and security. Part of this protocol is not only ensuring that
access to data is exclusively given to authorized personnel, but that we’re fully transparent about who has had access to this data.

This extra layer of security for patients is certified by an independent, highly credible auditor – one who is held in extremely high regard across the globe.

The certification is also very good news for partner clinics. Thanks to this certification, they can trust that Caspar Health sets the highest standards in terms of processing and storing sensitive data across all areas. Another advantage is that these standards support and promote excellent quality, safe workflows, and lean processes in our day-to-day business because
they apply to each of our departments.

What other advantages does the certification bring about?

As mentioned before, with ISMS, we make sure that we follow standardized procedures to handle any workflow. Our teams are now working much more efficiently, which also benefits our patients. More stability, as well as the ability to share information in a streamlined way results in fewer errors.

Furthermore, all our employees, especially those who haven’t been with the company so long, require less time to manage their work efficiently.  

Only a few months passed between our first information about the certification to the successful certification. Why was the process so quick for us?   

This was actually supposed to be a 12-18 month process – that’s the standard timeline for a company who is pursuing to their information security management system compliant with ISO/IEC:27001:2013.

However, our timeline was comparatively ambitious!

Why is that? Well, first off, we live for data protection! Compliance was al-ways a high priority at Caspar. On the other hand, we firmly believe in going beyond what is necessary when it comes to data protection for our patients.

The certification puts us into the position to share this success with patients who want to know how high our standards are when it comes to data security. And as a pioneer in revolutionizing rehabilitation, our leading role in the healthcare market should also be reflected in the field of information security.

How can this high standard be secured from now on and firmly anchored in everyday life at Caspar Health?

With the certification we have taken the step to make sure that this high standard is maintained throughout everyday life in Caspar Health. 

Security is a part of our culture, so that every time we begin something new, the first step is ensuring that data is securely processed.
This certification isn’t a one-time win – it requires annual checks by the certification authorities to make sure that we’re adhering to the most stringent standards. For many companies this is a difficult task, as these checks are very exhaustive. But for us, it’s much easier. We already have a solid foundation in place to maintain this high standard that we have set for ourselves, which we live in our workplace each and every day.