Subscribe to RCE news

QHIN Cybersecurity Certification

Background

Per Section 12.1.2 of the Common Agreement, QHINs must achieve and maintain third-party certification to an industry-recognized cybersecurity framework demonstrating compliance with all relevant security controls, as set forth in the Standard Operating Procedure (SOP): QHIN Security Requirements for the Protection of TI v1.1. 

This page lists the certifying bodies that meet the RCE’s security certification requirements as outlined in the SOP.

Standard Operating Procedure (SOP):

QHIN Security Requirements for the Protection of TI

Rev.1 (updated as of May 2022)

Download PDF

Certification Bodies

Certification bodies providing services that meet these requirements, but that have not yet been utilized by a designated QHIN, may also request approval to be included.

A QHIN needs to attain and maintain only one of the approved certifications.

Cybersecurity Certification Body Certification No. of QHINS Certified Approval Date Status
HITRUST r2 Validated Assessment 0 5/10/22 Active

This program is supported by the Office of the National Coordinator for Health Information Technology (ONC) of the U.S. Department of Health and Human Services (HHS) under grant number 90AX0026, Trusted Exchange Framework and Common Agreement – Recognized Coordinating Entity (RCE) Cooperative Agreement Program, in the amount of $5,101,000 with 100 percent funded by ONC/HHS. This information or content and conclusions are those of the author and should not be construed as the official position or policy of, nor should any endorsements be inferred by ONC, HHS or the U.S. Government.

Stay Connected

Complete the form below and join our mailing list.