HealthShare Exchange Achieves HITRUST CSF® Certification to Manage Risk, Improve Security Posture, and Meet Compliance Requirements

Philadelphia, Pa., March 2, 2018 —  HealthShare Exchange (HSX), one of the nation’s leading health information exchanges announced that its certified systems1 have earned certified status for information security by HITRUST.  This security framework can be used by organizations that create, access, store, or exchange sensitive and/or regulated data.

This accomplishment by HSX demonstrates that the organization’s certified systems1 have met key regulations and industry-defined requirements for managing patient health information and that it is appropriately managing risk around activities related to this data.  The designation places HSX in an elite group of organizations worldwide that have earned this certification.  By including federal and state regulations, standards and frameworks, the HITRUST CSF helps organizations address security and security requirements.

“We are proud of this achievement,” said Daniel Wilt, Senior Director of Information Technology and Chief Information Security Officer at HSX.  “Health information exchange organizations are under great pressure to meet complex compliance requirements that include technical and process elements such as HIPAA, NIST, ISO, and COBIT.  The HITRUST CSF is the gold-standard that needs to be met, and HSX is pleased to demonstrate its commitment by achieving this certification.”

HIPAA is the Health Insurance Portability and Accountability Act (HIPAA).  NIST is the National Institute of Standards and Technology.  ISO is the International Organization for Standardization.  And, COBIT is the Control Objectives for Information and Related Technology.

“The HITRUST CSF has become the information-protection framework for the health care industry, and the CSF Assurance program is bringing a new level of effectiveness and efficiency to third-party assurance,” said Ken Vander Wal, Chief Compliance Officer at HITRUST.  “The HITRUST CSF Certification is now the benchmark against which organizations that are required to safeguard such private and sensitive data as patient health information are measured, with regards to information protection.”

The HITRUST CSF provides an efficient and prescriptive system for managing data security requirements laid out in various acts, regulations, and technology standards concerning the handling and use of restricted information.  Certified organizations must have established security processes and meet an ongoing and evolving set of requirements.

“HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive information is accessed or stored in a cloud environment. By taking the steps necessary to obtain HITRUST CSF Certified status, HSX is distinguished as an organization that people can count on to keep their information safe,” said Vander Wal.

HSX is gratified to be an early adopter of this framework among the nation’s health information exchanges.  This accomplishment was the result of more than a year of HSX staff work required for the certification program.

“Achieving HITRUST CSF Certification is proof of the rigor of the procedures, infrastructure, and safeguards that we have around patient health information,” said Nathan Hecker, Technical Operations Lead at HSX.  “Our members and participants can have confidence in HSX and this security designation.”

1 – Mirth Results, Mirth Match, Mirth Mail, Encounter Notification System, Data Analytics and Hosting, and HSX infrastructure




About HealthShare Exchange
HealthShare Exchange (HSX) is a non-profit health information exchange organization serving the greater Delaware Valley region, including the southeastern Pennsylvania and southern New Jersey.  Founded in 2009 and incorporated as a nonprofit organization in 2012, HSX was formed as a collaboration among major healthcare stakeholders, including health plans and acute-care hospitals to enable the electronic exchange of patient information to improve patient outcomes and to manage and lower healthcare costs.  For more information, please visit