We're HITRUST Certified

We take security of our healthcare payer and provider clients’ patient and member information security and privacy seriously. In fact, ADVault is the only digital advance care planning platform that is certified HITRUST compliant – an important differentiator.


HITRUST Common Security Framework (CSF)

HITRUST Common Security Framework (CSF) is the United States equivalent to the European General Data Protection Regulation. Certification involves an independent third-party assessment that verifies an organization has met all the industry-defined certification requirements relating to security and privacy of sensitive data. To learn more about Why digital health companies should be HITRUST certified, review this timely article from Jim Farrell in MedCity News.

Rigorous Annual Certification Process

In our case, this means an in-depth analysis and evidence-based investigation of over 256 different data privacy and protection domains by an independent third-party auditor on an annual basis.

The requirements imposed on companies seeking HITRUST Certification include the following:

  • Audit logging and monitoring of all access to all information systems.
  • Extensively documented policies and procedures around data security and privacy, including physical office and network security.
  • Comprehensive data encryption, both at rest and in transit, for example hashed storage and encrypted transmission).
  • Thorough credential / key management, including multi-factor authentication and forced password changes with preset parameters.
  • Regularly updated and tested Business and Disaster Recovery Plans.

Contact us to learn more about our regulatory compliance, data security, and privacy approach.

certification-HITRUST-CSF_new-1 eHealth Exchange Logo Commonwell Health Alliance Logo Is