Collective trust

Trust isn’t developed in a day—it’s developed every day.
At Collective Health, we work every day to earn the trust of our clients and members.

Letter from the CEO

The trust of our customers and members means everything to us. We understand that trust needs to be earned, and we take that responsibility very seriously. Privacy and security are core to what we do. Our commitment to privacy comes from a deep respect for our customers, and we design our products and services with security and privacy in mind.

We will also never sell your personal information. We take these steps to protect the privacy of our members because we understand that the trust of customers and members is critical to our mission to transform healthcare. We will never stop working to earn and to keep your trust.

Ali Diab
CEO, Collective Health

Developing trust through
every product

Trust us, we’re HITRUST certified Collective Health has earned the HITRUST Risk-based, 2-year (r2) certification for its in-scope systems, one of the most comprehensive and rigorous security certifications a healthcare company can receive. Collective Health’s certification required our applicable systems to meet and maintain 270 security controls across 19 domains to help secure protected health information.
Learn more

Recommendations relevant to you We send members personalized communications that point them to partners, facilities, and benefits that help them get the right care and maximize their healthcare experience. If they’re not interested, they can dismiss them anytime.

Access defined by you Members have the ability to choose if they want others on their plan to have access to their protected health information (PHI). For example, if a member wants their partner to have visibility into their prescriptions, they can grant them access.

Secure messaging is status quo When members reach out for support through the member portal, their messages are secure and their questions are answered by trained Member Advocates.

Data, yes. Details, no. We’ve also designed our employer products with safeguards to minimize employer access to PHI. For example, by default, standard health plan reporting is aggregated and de-identified to limit company access to PHI.


We take pride in the security of our products and services. With our team of security engineers and risk and compliance professionals, we are committed to building and implementing safeguards that put the security of our clients and their members first.

Security by Design

Security and privacy are built into our products and services by design. As our platform, products and services evolve, the security and privacy of our clients and members remains a top priority.

End-to-End Data Protection

We utilize a defense in depth strategy that starts with a strong security architecture and layers in industry-leading encryption technologies to protect our client and member data both at-rest and in-transit.

Compliance and Transparency

We take compliance seriously. Our team is constantly assessing our platform and services against new and existing regulatory requirements and implementing industry best practices. And to make sure we’re always transparent with our clients and their members, we undergo an annual SOC-2 Type II attestation.

Contact us

Request our Security, Risk, and Compliance Whitepaper

Report a Vulnerability

Collective Health acknowledges the important role that independent security researchers play in internet security and we encourage responsible reporting of vulnerabilities that may be found in our website or associated applications. We are committed to working with security researchers to verify and address potential vulnerabilities. Please refer to our Responsible Disclosures Policy for instructions on submitting a suspected vulnerability.