eHealth Exchange

eHealth Exchange Achieves HITRUST Risk-Based, 2-Year Certification To Further Mitigate Risk in Third-Party Privacy, Security, and Compliance

(Vienna, VA – May 17, 2023) – eHealth Exchange, one of the nation’s largest health information networks connecting federal agencies, state and regional HIEs, and healthcare providers in all 50 states, earned the HITRUST Risk-based, 2-year (r2) and NIST Certification for its HUB Platform.

HITRUST Risk-based, 2-year (r2) Certified status demonstrates that eHealth Exchange’s HUB Platform meets key regulations and industry-defined security requirements and is appropriately managing risk. This achievement places eHealth Exchange in an exclusive group of organizations worldwide that have earned this certification.

By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

“This new certification builds upon our high-quality complex security compliance and privacy requirements that include technical and process elements,” said Jay Nakashima, executive director of eHealth Exchange. “HITRUST and NIST certification means eHealth Exchange’s HUB Platform provides the highest standards for data protection and information and validates that eHealth Exchange maintains important standards for sensitive and critical data. The HITRUST and NIST certification confirms what our members already know—that we are dedicated to securely connecting federal agencies and the private sector.”

“In today’s ever-changing threat landscape, HITRUST is continually innovating to find new and creative approaches to address challenges,” said Jeremy Huval, chief innovation officer of HITRUST. “eHealth Exchange’s HUB Platform HITRUST Risk-based, 2-year Certification is evidence that they are at the forefront of industry best practices for information risk management and compliance.”

Learn more about eHealth Exchange and the benefits of participating in our health information network and anticipated Qualified Health Information Network (QHIN) on our website at

About eHealth Exchange

eHealth Exchange, a 501(c)3 non-profit dedicated to public good, is the oldest and largest health information network in the country and is most well known as the principal way the federal government exchanges clinical data among federal agencies and with the private sector. Recognized for certified data quality, trusted governance, transparency, and its commitment to privacy, eHealth Exchange facilitates the secure exchange of patient records for more than 250 million patients and processes roughly 21 billion data exchanges annually. Vendor-agnostic, with a broad public health focus, eHealth Exchange provides connectivity for more than 30 electronic health record systems, 60 regional and state HIEs, 75 percent of U.S. hospitals, 85 percent of dialysis centers, 70,000 medical groups, and payers in 34 states – as well as countless urgent care centers, surgery centers, and clinical laboratories. Five federal agencies (Department of Veterans Affairs, Department of Defense, Indian Health Service (IHS), Food and Drug Administration, and Social Security Administration) also participate in the network to share patient information with private-sector partners as well as other federal agencies. Active in all 50 states, eHealth Exchange connects to other national health information networks today via Carequality and now TEFCA as a Designated QHIN. See: / @ehealthexchange.
