Posted on: November 27, 2018

Top-performing health information exchange puts privacy and security first

ALBANY, N.Y.–Hixny announced today that it is the first health information exchange (HIE) in New York State to successfully meet the requirements of HITRUST CSF® certification on Version 9.1 for patient information security. The framework for HITRUST certification is continuously improved upon and updated, making it the most comprehensive security framework in the U.S. healthcare industry.

Hixny is one of the state’s qualified entities (QE) connected by the Statewide Health Information Network for New York (SHIN-NY)—a “network of networks” that allows the electronic exchange of clinical information and connects healthcare statewide–overseen by the New York State Department of Health. Last year, the SHIN-NY required all QEs in its network to become HITRUST certified by the end of 2018 as part of its 2020 Roadmap. The plan supports SHIN-NY’s goal of utilizing health information exchange to transform the healthcare landscape.

“We are pleased to be the first HIE in the state to achieve HITRUST certification and proud to join the elite and growing class of HIEs across the country who have successfully obtained HITRUST certification,” said Mark McKinney, CEO, Hixny. “We’ve always taken the privacy and security of our data very seriously and pride ourselves on being ahead of the crowd—and achieving HITRUST was no exception.”

Hixny invested 11 months to meet the high standards as quickly as possible. In addition to demonstrating compliance across 19 individual security domains and more than 600 different controls, Version 9.1 of the framework also includes controls that address cybersecurity laws specific to NYS. It validates that Hixny meets the highest established security standards, including those set by HIPAA and the Centers for Medicare and Medicaid Services (CMS). As noted in HITRUST’s report to Hixny, certification is effective as of the submission date—August 28, 2018.

Hixny engaged the third-party firm, Tevora, a specialized management consultancy focused on cybersecurity, risk and compliance services to provide an independent audit, which led to Hixny’s HITRUST certification.

“Achieving HITRUST is a significant accomplishment,” says John Huckeby, managing director of healthcare for Tevora. “It demonstrates the highest levels of security and Hixny’s commitment to safeguarding sensitive patient information. It was a privilege to work with such a passionate group of people all working toward the goal of protecting patient privacy.”

Hixny recently announced an expansion to nine counties in Hudson Valley and the Southern Tier of the state, committing substantial funding to meeting physician demand for more reliable and secure patient information.

“In today’s world of cyberattacks and ransomware these measures are crucial and bring a whole new level of preparedness to protect the patients and providers relying on Hixny,” continued McKinney. “Having accomplished this significant milestone re-emphasizes our commitment to security and delivers assurances to the providers already using Hixny and those considering connecting to us.”

Hixny will be performing extended maintenance beginning Thursday, December 31 through Friday, January 1. During this time, all services
will be impacted and unavailable—including access to the provider portal.