eHealth Exchange Achieves HITRUST Risk-Based, 2-Year Certification To Further Mitigate Risk in Third-Party Privacy, Security, and Compliance

VIENNA, Va., May 17, 2023 (GLOBE NEWSWIRE) -- eHealth Exchange, one of the nation’s largest health information networks connecting federal agencies, state, and regional HIEs, and healthcare providers in all 50 states, earned the HITRUST Risk-based, 2-year (r2) and NIST Certification for its HUB Platform.

HITRUST Risk-based, 2-year (r2) Certified status demonstrates that eHealth Exchange’s HUB Platform meets key regulations and industry-defined security requirements and is appropriately managing risk. This achievement places eHealth Exchange in an exclusive group of organizations worldwide that have earned this certification.

By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

“This new certification builds upon our high-quality complex security compliance and privacy requirements that include technical and process elements,” said Jay Nakashima, executive director of eHealth Exchange. “HITRUST and NIST certification means eHealth Exchange’s HUB Platform provides the highest standards for data protection and information and validates that eHealth Exchange maintains important standards for sensitive and critical data. The HITRUST and NIST certification confirms what our members already know—that we are dedicated to securely connecting federal agencies and the private sector.”

“In today’s ever-changing threat landscape, HITRUST is continually innovating to find new and creative approaches to address challenges,” said Jeremy Huval, chief innovation officer of HITRUST. “eHealth Exchange’s HUB Platform HITRUST Risk-based, 2-year Certification is evidence that they are at the forefront of industry best practices for information risk management and compliance.”

Learn more about eHealth Exchange and the benefits for participating in our health information network and anticipated Qualified Health Information Network (QHIN) on our website at

About eHealth Exchange

eHealth Exchange, a 501(c)3 non-profit, is among the oldest and largest health information networks in America and is most well-known as the principal way the federal government shares data between agencies and with the private sector. eHealth Exchange, a network of networks, is the only network connecting healthcare providers to five federal agencies, 61 regional or state HIEs, 75 percent of all U.S. hospitals, and 85 percent of dialysis clinics running on more than 30 electronic health record (EHR) platforms. National interoperability is facilitated by one common trust agreement and a single set of APIs. Five federal agencies (Department of Veterans Affairs, Department of Defense, Indian Health Service, Food and Drug Administration, and Social Security Administration) participate in the network to share patient information with private-sector healthcare partners as well as other agencies. eHealth Exchange supports the secure exchange of the more than 14 billion patient record transactions annually. eHealth Exchange was approved as a Qualified Health Information Network (QHIN) candidate under the Trusted Exchange Framework and Common Agreement (TEFCA).

Hera Ashraf
eHealth Exchange

Jane Bryant
Spire Communications