Achieving the Gold Standard for Data Protection: How eSOne™ Became HITRUST i1 Certified

At DeliverHealth, we’re proud to say that our industry-leading eSOne™ U.S. Platform has earned HITRUST® i1 Certification, the gold standard for data protection globally. Read on to learn more about our journey to HITRUST, why it matters, and how it gives IT teams, providers, and their organizations an added layer of confidence. 

Sadly, you don’t have to scroll too far down your feed these days to learn about the latest data breaches in healthcare. Last year set a record nobody wanted to achieve, with 725 data breaches reported to the Office for Civil Rights (OCR). These breaches exposed more than 133 million records. 

The rising cost and reputational harm associated with data breaches raises immense concerns for IT leaders within health systems and medical practice groups. How can CIOs be certain that the solutions their providers use meet the most stringent data protection requirements? Finding an answer means seeking solutions that use trusted cybersecurity frameworks and receive certification from respected organizations. 

What is HITRUST? 

HITRUST is an information protection standards organization and certifying body. Thousands of organizations worldwide use the HITRUST CSF framework and assessment program to ensure they: 

Have appropriate security and privacy controls in place. 
Can manage and mitigate cybersecurity threats effectively. 
Can comply with evolving regulations. 
Stay current with emerging cybersecurity.  
Currently, 81% of U.S. hospitals and health systems use, recommend, and accept HITRUST certification.  

Why seek HITRUST certification for eSOne? 

The eSOne Platform is already trusted by more than 2,000 healthcare organizations. We were confident that eSOne was built on solid security frameworks. However, we wanted an unbiased, third-party view to ensure we were taking every step possible to secure our customers’ data. By taking the important step to use HITRUST, we instilled confidence in our customers that data protection and security are our company’s No. 1 priority. 

Navigating the road to HITRUST Certification 

We started our road to HITRUST Certification in February 2023. There are three levels of HITRUST Certification for organizations—e1, i1, and r2. All three certification levels are based on the HITRUST CSF® framework, a comprehensive set of controls for risk management and regulatory compliance. The CSF framework is designed to help healthcare organizations adapt to emerging threats and evolving standards.  

The certification level an organization seeks to achieve is based on a company’s individual characteristics. For DeliverHealth and the eSOne U.S. Platform, the best fit was the HITRUST i1, a one-year validated assessment. Per HITRUST, i1 Certification is perfect for organizations that already have robust information security programs in place.  

The HITRUST i1 Assessment includes 182 curated and preset control requirements. To start the assessment process, we enlisted the help of an outside firm to perform a readiness review. Our assessor conducted a random sampling of two controls inside each domain. Once the readiness review was complete, our assessor began working with our teams to pull mountains of evidence to evaluate implementation performance of all 182 controls within the timeframe designated by HITRUST. 

Our assessor provided an evaluative score and worked directly with the HITRUST QA team to answer any questions before proceeding to validation and certification. 

We submitted our HITRUST i1 assessment and received certification for the eSOne U.S. Platform effective October 2023. 

What HITRUST Certification means for our customers 

HITRUST i1 Certification gives our customers confidence that we’re following proven security frameworks, minimizing their risks, and serving as good stewards of their most sensitive data. With an i1 Certification covering eSOne, you can be confident that your data remains protected against current and emerging threats. 

What’s on the Horizon for DeliverHealth and HITRUST?

This fall, we will start the process anew as we seek to earn HITRUST i1 Rapid Recertification for the eSOne U.S. Platform. We will also seek HITRUST Certifications for the Canada and Australia regions of our platform. And, as we develop new products, we’ll look to align those with the proven HITRUST framework as well. 

Achieving HITRUST Certification marked a major milestone for our team at DeliverHealth. It takes a village to prepare for, and complete, the assessment. We are thankful for the contributions of our Research and Development, Human Resources, IT, and Governance, Risk, & Compliance teams for spending countless hours compiling evidence so to ensure that our organization was assessment-ready. 

We’re looking forward to doing it all again, because we know that certifications like HITRUST demonstrate our strong company-wide commitment to data privacy and compliance, which ultimately builds trust and benefits our customers and business partners. 

Learn more about our unique approach to governance, risk, and compliance.