Healthify’s Platform Achieves HITRUST CSF Certification


Certification validates Healthify’s commitment to protecting sensitive healthcare information

Healthify is excited and proud to announce that our platform is officially HITRUST CSF certified. The HITRUST CSF certification is the most widely recognized security accreditation in the healthcare industry.


As the healthcare industry continues its’ steady march towards digital and cloud-enabled solutions and strategies, data privacy and security are critical dimensions of any product. By becoming HITRUST CSF certified, the HITRUST Alliance confirms that our products meet modern best practices in security and data privacy for digital health products.

Since beginning business operations, Healthify has adhered to HIPAA regulations but while HIPAA regulations are comprehensive, they fall short in two ways: 1) they lack an authoritative, independent audit process and 2) implementation of many HIPAA requirements are subject to the interpretation of the respective organization. In other words, two organizations may be HIPAA compliant, but each of them may have varying security and privacy programs. The lack of a ubiquitous, independent HIPAA audit in combination with the “addressability” of some of its’ requirements are too often, and justifiably, off-putting to many large health plans and providers. The HITRUST CSF addresses these challenges.


The HITRUST (Health Information Trust) Alliance is a nonprofit organization dedicated to creating programs that protects data and manage risk. HITRUST provides programs that manage risk and compliance in addition to a data de-identification framework. The Alliance also supports initiatives that advance cyber sharing, analysis and resilience. One of the core programs developed by healthcare and IT professionals in conjunction with the HITRUST Alliance is the Common Security Framework (CSF).

The CSF confronts the varying security, privacy and regulatory challenges that healthcare organizations face when accessing, storing and exchanging sensitive data (i.e. PHI). The framework includes federal and state regulations like HIPAA and components of other leading compliance and regulatory frameworks, including ISO and NIST. The HITRUST CSF helps organizations address some key challenges of HIPAA by managing security and risk through a comprehensive yet authoritative set of security and privacy controls.

Path to Certification

Our HITRUST CSF certification demonstrates that our Search, Track and Coordinate products have passed the HITRUST CSF Validated Assessment. To pass this assessment, we engaged with a CSF Certified Assessor who audited our Information Security Management System, which consists of our security and privacy policies, procedures and supporting collateral.

The Validated Assessment was performed over the course of many months and involved:

  • Crafting and extending security policies
  • Building and testing procedure runbooks
  • Installing IT systems
  • Collecting information from 3rd party partners

While this process was resource intensive, completing this assessment forced us to question our assumptions about security and system design. The process helped us gain a deeper appreciation of our security posture and how we can ensure users of our platform are protected from security breaches

Benefits of HITRUST CSF Certification

With our CSF certificatied platform, users of our products can rest assured that we’re exceeding security expectations. The HITRUST CSF fills security gaps that may be overlooked by other frameworks. As cyberattacks on organizations within the healthcare industry continue, it is important to bridge any gaps in information security. The controls implemented to comply with the CSF are critical tactics to mitigate against these types of risks.

Doctor_Patient.jpgAdditionally, HITRUST’s approach to security and compliance enables organizations to reduce the time spent on audits. Moreover, because of the 3rd party assurance of our platform’s CSF certification, organizations may be able to move through IT review procurement processes more quickly. By reducing the time spent on audits, organizations can dedicate more time and resources to creating strategies and frameworks that tackle social determinants of health (SDoH) and help improve health outcomes in at-risk patient populations.

At Healthify, we believe that no one’s health should be hindered by their need and our platform’s recent HITRUST CSF certification is just one way we’re empowering health plans and providers with the right tools to address unmet social needs. We’re thrilled to partner with organizations that are working to improve health outcomes for at-risk populations.

If you are a health plan or health provider interested in learning more about how our HITRUST CSF certified platform can help you better address unmet social needs, we’d love to talk. Connect with us here.


Topics: social determinants of health sdoh technology

Related posts