Definitive Healthcare Corp.
DH.US | Data processing, hosting and related activities
Definitive Healthcare Corp. is a healthcare data and analytics company. It provides a comprehensive, integrated data platform that delivers intelligence on healthcare providers, organizations, and market trends. The company's platform enables healthcare organizations to identify, understand, and eng...
Better Health for All
0
Definitive Healthcare Corp. is a healthcare data and analytics company whose products do not have direct health impacts, nor do they generate revenue from activities with negative health outcomes.[1] Its products do not have direct safety implications for physical or mental health, and its business model does not involve serving vulnerable populations with health needs or offering health products that require price accessibility considerations for individual patients. The company completed a SOC2 Type II attestation for its data security program, excluding one recently acquired product line,[2] and reported no material data breaches or monetary losses from legal proceedings related to privacy in 2023.[3] It also complies with various data privacy regulations (CCPA, GDPR, etc.).[4] However, the company's privacy policy states that data is collected from publicly available information, surveys, and licensed from third-party providers,[5] and it is registered as a data broker in California, Vermont, Oregon, and Texas.[6] This indicates that while data handling practices are outlined, the collection methods may not always involve direct consent from individuals, impacting risk transparency.
Fair Money & Economic Opportunity
0
Definitive Healthcare Corp. is a healthcare data and analytics company[1], not a financial institution that offers lending, insurance, or deposit services to consumers.[2] The company's core business model does not involve consumer financial products or services.[3] Therefore, KPIs related to consumer lending, APRs, fee structures, loan books, customer financial data portability, or debt products are not applicable. While the company engages in internal DE&I initiatives[4] and charitable giving[5], these do not directly address the specific metrics of financial inclusion, fair lending, or wealth building for underserved populations as defined by the rubric's KPIs for financial services.[6]
Fair Pay & Worker Respect
0
Definitive Healthcare's CEO-to-median employee pay ratio for 2024 was 110:1, based on CEO Kevin Coop's total compensation of $11,222,304 and a median employee pay of $102,363.[1] No specific regulatory actions, violations, fines, or compliance issues related to labor laws or human rights are mentioned across the provided articles.
Fair Trade & Ethical Sourcing
-20
Definitive Healthcare Corp. is a healthcare data and analytics company, which primarily deals with data and software rather than physical commodities.[1] Therefore, the company does not procure or trade physical commodities, resulting in no spend covered by fair-trade certifications, no supply chain tiers to map for provenance, and no material sourcing of at-risk inputs.[2] While a Vendor Code of Conduct exists, there is no evidence of the percentage of suppliers whose contracts include enforceable ethical-sourcing clauses.[3]
Honest & Fair Business
-40
The company expects to record an aggregate increase to general and administrative expense of between $6.8 million and $10.2 million over impacted periods, assuming maximum interest and penalty assessments for unassessed sales tax.[1] The Audit Committee concluded that previously issued audited consolidated financial statements for 2020, 2021, and 2022, and unaudited quarterly statements for those years and Q1 2023, should no longer be relied upon due to this issue, necessitating a restatement.[2] Definitive Healthcare has a comprehensive Whistleblower and Reporting Policy, including a 24/7 toll-free ethics hotline staffed by an outside company, a web portal for reports, and a prohibition against retaliation.[3] The Chief Legal Officer maintains a log of concerns and reports periodically to the Audit Committee.[4] Employees are required to acknowledge the Code of Business Conduct and Ethics annually.[5] The company has a Code of Business Conduct and Ethics and a Vendor Code of Conduct, both prohibiting bribery and corrupt conduct and requiring compliance with anti-corruption laws like the U.S. FCPA and UK Bribery Act.[6] The Code is FCPA-compliant, but the frequency and effectiveness metrics of training are not specified. The company joined the UN Global Compact in October 2022, committing to its ten principles, including anti-corruption.[7] The company began a review of its sales tax positions with the assistance of outside consultants, and its independent registered public accounting firm, Deloitte & Touche LLP, was consulted regarding the restatement.[8] The company also participates in annual third-party audits to assess its operations and improve DE&I.[9]
Kind to Animals
0
No evidence was found in the provided articles to assess Definitive Healthcare Corp. against any of the 'Kind to Animals' KPIs. The articles either discuss general cruelty-free brands[1], [2], [3] and investing principles[4] without mentioning DH.US, or they cover unrelated topics such as healthcare supply chain tariffs[5] and access to diagnostics.[6] Therefore, all KPIs are omitted due to lack of specific, concrete data.
No War, No Weapons
0
Definitive Healthcare joined the United Nations Global Compact on October 5, 2022, and is committed to aligning its operations and strategies with the ten universally accepted principles, including human rights.[1] The company's Code of Business Conduct and Ethics applies to every team member and Board member.[2] The company provides a Privacy Center and privacy notices on its website, detailing how personal information is collected and processed, and sends individual privacy notifications to verifiable contacts periodically.[3]
Planet-Friendly Business
0
No evidence available to assess Definitive Healthcare Corp. on Planet-Friendly Business.
Respect for Cultures & Communities
0
The provided articles do not contain specific, concrete data points for any of the KPIs related to 'Respect for Cultures & Communities'. Information regarding formal partnerships with indigenous or local community groups, revenue reinvested in local community development, cultural appropriation incidents, cultural impact assessment protocols, local employment ratios, grievance mechanisms, FPIC participation rates, community governance inclusion, cultural preservation investment, local procurement share, indigenous supplier count, cultural site protection, social license to operate, charitable giving to cultural heritage organizations, community fund allocation, language inclusivity, cultural incident response, or cultural training completion rates is not explicitly provided.[1] While general charitable donations and employee volunteer hours are mentioned,[2] the articles do not specify if these activities are directed towards local community development or cultural heritage organizations, nor do they provide the necessary context or percentages relative to revenue or specific community impact.[3]
Safe & Smart Tech
10
Definitive Healthcare has an unqualified SOC2 Type II attestation across all five trust service criteria (security, availability, confidentiality, processing integrity, and privacy), with the exception of a recently acquired entity expected to be covered in the 2025 cycle.[1] All employees are required to participate in annual end-user security awareness training, and phishing simulations are conducted on an ongoing basis with remedial training.[2] Data classified as Confidential is encrypted in transit and at rest using industry-standard algorithms and ciphers.[3] The company operates under the principle of least privilege, and applications supporting Single Sign-On (SSO) are configured with multi-factor authentication (MFA) enforced.[4] All remote access to the DH network requires MFA and uses industry-standard encryption.[5] Weekly and bi-weekly vulnerability scanning takes place across all infrastructure.[6] The company maintains a comprehensive Application Security Program based on OWASP standards, performing Static Application Security Testing (SAST) as part of all build and release pipelines, Dynamic Application Security Testing (DAST) weekly, and Software Composition Analysis (SCA) on every software build.[7] Annual manual penetration testing is performed by an independent third party, with critical findings remediated within 90 days.[8] The company claims compliance with GDPR, CCPA, and US federal privacy laws, and provides users with rights to access, rectification, erasure, restriction of processing, data portability, and objection.[9] It aims to de-identify information or remove identifying data from records kept beyond specified retention periods and generally does not collect Sensitive Personal Information.[10] The company has sold Personal Information related to healthcare providers and other individuals affiliated with healthcare organizations, including name, place of employment, professional title, business e-mail address and phone number, office address, social media links, and work or educational history.[11]
Zero Waste & Sustainable Products
-50
The company implements waste diversion practices and participates in recycling programs.[1] It also runs an electronic waste program to ensure ethical and environmentally sensitive disposal, reuse, or recycling of electronic hardware.[2] Definitive Healthcare leases office space in buildings that comply with waste-related regulatory requirements, and there is no evidence of waste disposal violations in the past three years.[3] The company has established company-wide social responsibility goals for 2023, which include environmental considerations.[4] Furthermore, the company requires its vendors to comply with all applicable environmental laws and regulations, commit to minimizing environmental hazards, and conserve natural resources.[5]