Case Study: Omada Health achieves stronger information security and streamlined GRC with Reciprocity's ZenGRC

Omada Health Driving Greater Information Security in Digital Healthcare

Omada Health, a leading digital healthcare provider handling sensitive PHI for employers and health plans, struggled with risk and compliance managed in spreadsheets, lacked a single repository for controls and vendor oversight, and fell short of promised certifications. Seeking a GRC solution to make security a competitive differentiator, Omada selected Reciprocity’s ZenGRC to replace its fragmented processes and support rigorous third‑party attestations.

Reciprocity’s ZenGRC gave Omada a “single source of truth,” vendor module, customizable templates and risk heat maps to track complex programs (e.g., 1,347 objectives, 631 controls, 510 vendors, 82 risks). As a result of Reciprocity’s solution, Omada more than tripled the number of businesses and members served, moved from tracking ~40–50 vendors to actively managing 510, passed major security reviews, and achieved HITRUST and SOC 2 compliance—turning risk management into a market differentiator.

Omada Health

William Dougherty

Chief Information Security Officer