Cohere Health receives HITRUST recertification

Last month, Cohere Health®’s intelligent prior authorization platform was recertified for information security by HITRUST®.

HITRUST’s recertification designation places Cohere in an elite group of organizations that have demonstrated the utmost commitment to security, privacy, and regulatory compliance best practices.

Cohere first received HITRUST Risk-based, 2-year (r2) Certification in August 2022 for our company’s ability to meet key federal and state regulations and industry-defined requirements, and appropriately manage risk.

Certification (and recertification) process

As Vice President of IT and Security at Cohere, I got to work alongside my colleague, Brian Meehan, IT Governance, Risk and Compliance Specialist; other internal stakeholders; and a number of external partners to complete the rigorous and extensive HITRUST recertification process. 

Maintaining HITRUST Certification required Cohere’s intelligent prior authorization platform to be regularly monitored by a third-party organization that tested hundreds of security controls throughout the year.

The HITRUST Validated Assessment evaluates a company’s risk exposure due to data volumes, regulatory compliance, and other risk factors. Certification demonstrates that Cohere’s intelligent prior authorization platform meets comprehensive national and international security, privacy, and regulatory standards, including ISO, NIST, PCI, HIPAA, and GDPR. The certification process included over 300 assessment questions and 900 pieces of collected and submitted evidence, which takes extensive time, energy, and collaboration from stakeholders across the organization.

This achievement demonstrates our company’s unwavering commitment to safeguarding sensitive data and ensuring the trust of our health plan clients, partners, and stakeholders. HITRUST recertification not only validates our adherence to rigorous security and privacy standards, but also demonstrates our proactive approach to mitigating risks and protecting against emerging threats in today’s dynamic cybersecurity landscape.

Building a cybersecurity framework

In today’s digital landscape, cybersecurity is paramount. With ever-evolving threats and vulnerabilities–especially in the healthcare space–organizations must adopt robust frameworks such as the HITRUST CSF to safeguard sensitive information.

At Cohere, we’ve modeled our holistic cybersecurity program off the National Institute of Standards and Technology’s five functions, each playing a crucial role in managing cybersecurity risk at a high level and enabling risk management decisions.

• Identify: Understand an organization’s systems, assets, data, and capabilities to prioritize efforts and manage risks, including tasks such as asset management, risk assessment, governance policies, and supply chain strategies.
• Protect: Safeguard critical infrastructure services by managing identity, training, data security, information protection, maintenance, and technology resilience.
• Detect: Outline activities to promptly identify cybersecurity events, including monitoring anomalies and events, implementing continuous monitoring, and maintaining detection processes.
• Respond: Address cybersecurity incidents through planning, communication, analysis, mitigation, and improvement actions.
• Recover: Facilitate the restoration of capabilities and services post-cybersecurity incidents through recovery planning, process improvements, and coordinated communications.

Recognized leader in securing data

Securing data is a collaborative effort that can’t be done solely by the IT, Security, or Compliance departments. Our entire organization is dedicated to healthcare security, privacy, and regulatory compliance.

Cohere is one of the few companies focused on utilization management to have earned HITRUST Certification and Utilization Review Accreditation Commission (URAC) health utilization management accreditation, and we were also the first digital prior authorization platform to achieve Utilization Management Accreditation from the National Committee for Quality Assurance (NCQA).

Our HITRUST recertification, URAC, and NCQA accreditations reinforce Cohere’s position as a trusted leader in the industry and set us apart as a partner of choice for health plans seeking robust security, safety, quality, and compliance standards.

Our impact

Cohere’s intelligent prior authorization platform processes over 5.6 million requests annually, positively impacting more than 15 million health plan members and 457,000 healthcare providers nationwide. Currently, Cohere’s solutions are utilized by several major health plan clients nationwide, including Humana, Geisinger, and Medical Mutual.

To date, Cohere’s intelligent prior authorization platform has:

• Enabled 70% faster access to appropriate care (roughly equivalent to five days) for patients
• Saved 38,600 clinical review hours annually for a single health plan client
• Automatically and instantly approved up to 80% of prior authorization requests
• Achieved an industry-leading 90% platform adoption by providers of our digital solution versus fax and other manual methods to submit a prior authorization, along with a 91% satisfaction rate among providers utilizing the platform

🎙️ Listen to my interview with Keith Hawkey of Opkalla’s IT Matters Podcast to learn about the best practices for building a successful and secure compliance strategy.