Accreditations, Trust and Interoperability
Secure Exchange Solutions provides secure, seamless exchange of health information across organizational boundaries.
HITRUST CSF Certified status demonstrates that the Secure Exchange Solutions systems and supporting infrastructure meet the HITRUST CSF v.9.2 certification criteria including the Health Information Service Provider, Certificate Authority, Registration Authority, analysis tool and automated notifications platform. HITRUST CSF Certified status demonstrates that the Secure Exchange Solutions has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Secure Exchange Solutions in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps Secure Exchange Solutions address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
Secure Exchange Solutions information security framework has a comprehensive set of policies, procedures, and processes implemented in the services infrastructure to support customers’ needs and requirements. Protecting customers’ sensitive information is a foundational principle of SES technology platform and these efforts are recognized by the HITRUST Alliance in the HITRUST CSF Certification and the NIST Cybersecurity Framework Certification.
DIRECTTRUST – A pioneer in offering technical trust and confidence in the secure exchange of health information, DirectTrust is committed to collaboration for advancing secure communication. As a non-profit trade alliance, DirectTrust operates not only as a membership organization, but also as an ANSI-accredited standards body, a trust framework supported by policy, and an accreditor for reliable and trusted exchange across the DirectTrust network.
EHNAC (Electronic Healthcare Network Accreditation Commission) is the premier accreditation authority promoting standards that support interoperability, stakeholder trust, regulatory compliance, quality service, innovation, and open competition within the healthcare industry. EHNAC promotes accreditation in the healthcare industry to achieve quality and trust in healthcare information exchange through adoption and implementation of standards.
Secure Exchange Solutions, Inc. has successfully completed the accreditation process of EHNAC by providing evidence that meets the EHNAC criteria in the following areas:
- Identification of data flows of confidential information such as Protected Health Information within the organization as well as with business partners outside of the organization;
- Verification that appropriate Business Associate Agreements are in place with all relevant entities;
- Review of HIPAA privacy policies and procedures;
- Review of HIPAA security safeguards in place (administrative, technical and physical);
- Review methods of secure transmission of data;
- Review of customer service metrics;
- Validation of accuracy of transaction exchange;
- Validation of system availability and capacity metrics;
- Validation of compliance with industry standards;
- Review of IT security best practices;
- Review of industry-specific best practices;
- Review of disaster recovery and business continuity processes;
- Review of workforce training; and
- Review of personnel qualifications.
This Certificate of Accreditation was issued by EHNAC after an objective and independent audit and review of all facilities in-scope of the accreditation, including datacenters and outsourced business partners. Secure Exchange Solutions has been accredited under the EHNAC HISP Privacy and Security Program, Cloud Enabled Accreditation Program, DTAAP Certificate Authority and DTAAP Registration Authority Program.
This Health IT Module is 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.
Certification date: 2/17/2017; Certification number: 15.04.04.2315.SESD.02.0.0.170217; Certification Criterion: 170.315 (d)(1-3); (g)(4,5); (h)(2). Clinical Quality Measures tested: None Additional software used: None
SES Direct users conduct health information exchange with other users of certified Electronic Medical Record systems, members of health information organizations and any other user of a trusted Health Information Services Provider (HISP) that supports the transmittal, processing and receipt of Direct messages. Direct messages may include clinical data, notes, discharge summaries, transitions of care notifications, and other health related information. Our SES Direct offerings support related Meaningful Use requirements for sending and receiving transitions of care summary documents.
Secure Exchange conducts third-party audits and penetration tests monthly, including manual penetration testing of our platform and internal and external network penetration testing for our cloud solutions. Intrusion detection is used to monitor cloud activities and processes.
SES deploys its services on the AWS industry-leading hosting platform and supports scalability, high availability and on-demand capacity management through cloud options. Scalability and availability for the cloud based software platform is critical to support millions of messages, hundreds of thousands of providers and millions of patients. SES services are available in a SOC 2/SSAE 16/ISAE 3402 audited infrastructure that is ISO 27001 certified and has achieved PCI DSS Level 1 accreditation, Level 1 PCI compliance. The service adheres to HIPAA-compliant security controls and is in compliance with HIPAA’s Security and Privacy Rules.