Ursa Studio has achieved HITRUST CSF® Certified status, demonstrating that it has met key regulatory requirements and industry-defined requirements and is appropriately managing risk. This achievement places Ursa Health in an elite group of organizations worldwide that have earned this certification.

By including federal and state regulations, standards, and frameworks, and by incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

SOC 2 Evaluated

Ursa Health has successfully completed the System and Organization Controls (SOC) 2 audit process. The SOC 2® Type II examination is conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA). Type II evaluation tests the design and operating effectiveness over time of key internal controls, such as security, availability, processing integrity, confidentiality, and privacy.


Minimal data movement

To maintain data integrity, the platform does not move or extract data but instead directly queries the database. We use industry-standard encryption to secure traffic between our application server and your database. Answers are returned to the user without copying PHI.

Multi-level user controls

Ursa Studio supports two-factor authentication and can delegate authentication to AD or SAML. The platform  can also handle authentication natively with its HITRUST-compliant password management system.

You can set access permissions by group or user, as well as restrict data access anywhere from the report level to the row level, making it easier to control who sees what information.

Monitoring and alerting tools are a critical component of Ursa Studio. In addition, the platform maintains a full audit trail of changes to Measures and Data Objects, with one-click recovery of any previous state.

Varied role types

  • Grant different privileges based on role type
  • Set up and enforce roles within Ursa Studio, or integrate with your enterprise credentialing system (e.g., AD, SAML)

Healthcare-specific visibility settings

  • Learning and the motivation to improve require that users understand performance across similar groups (e.g., hospitals or physicians) while balancing the need to protect PHI.
  • Ursa Studio automates this balance by sharing global results, with the case-level review limited based on whether the individual was actually involved in the case.
visibility settings

Want to learn more about Ursa Studio?

Want to talk?

We’d love to hear about your ideas for innovating in your organization and see if we can help ease you past your pain points.