Certifications and Accreditations

Certifications and Accreditations

Accreditations, Trust, and Interoperability

HITRUST CSF Certification Logo

HITRUST CSF Certified status demonstrates that the Secure Exchange Solutions systems and supporting infrastructure meet the HITRUST CSF v.9.2 certification criteria including the Health Information Service Provider, Certificate Authority, Registration Authority, analysis tool and automated notifications platform.  HITRUST CSF Certified status demonstrates that the Secure Exchange Solutions has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Secure Exchange Solutions in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps Secure Exchange Solutions address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

Secure Exchange Solutions information security framework has a comprehensive set of policies, procedures, and processes implemented in the services infrastructure to support customers’ needs and requirements. Protecting customers’ sensitive information is a foundational principle of SES technology platform and these efforts are recognized by the HITRUST Alliance in the HITRUST CSF Certification and the NIST Cybersecurity Framework Certification.

DIRECTTRUST – A pioneer in offering technical trust and confidence in the secure exchange of health information, DirectTrust is committed to collaboration for advancing secure communication. As a non-profit trade alliance, DirectTrust operates not only as a membership organization, but also as an ANSI-accredited standards body, a trust framework supported by policy, and an accreditor for reliable and trusted exchange across the DirectTrust network.

Third-Party Audits

Secure Exchange conducts third-party audits and penetration tests monthly, including manual penetration testing of our platform and internal and external network penetration testing for our cloud solutions.  Intrusion detection is used to monitor cloud activities and processes.


SES deploys its services on the AWS industry-leading hosting platform and supports scalability, high availability and on-demand capacity management through cloud options. Scalability and availability for the cloud based software platform is critical to support millions of messages, hundreds of thousands of providers and millions of patients. SES services are available in a SOC 2/SSAE 16/ISAE 3402 audited infrastructure that is ISO 27001 certified and has achieved PCI DSS Level 1 accreditation, Level 1 PCI compliance. The service adheres to HIPAA-compliant security controls and is in compliance with HIPAA’s Security and Privacy Rules.

Powered by AWS Cloud Computing

Take health information exchange to new levels with Secure Exchange Solutions. Contact us today.