Last month, Cohere Health received a highly sought-after security credential: HITRUST’s Risk-based, 2-year (r2) Certification. This certification demonstrates that our intelligent utilization management (UM) collaboration platform meets key regulation and industry-defined requirements and appropriately manages risk.
What HITRUST Certification means
Per HITRUST: “Earning an r2 Certification puts an organization into an elite group by showing that they meet key compliance requirements across a wide range of industry standards and frameworks, as well as federal and state regulations.”
HITRUST certification is a big step for a young company: the process, which includes over 300 assessment questions and 900 pieces of collected and submitted evidence, takes extensive time, energy, and collaboration from stakeholders across the organization. The process was led by Cohere’s internal IT and Security teams and though security is a never-ending process, we’re extremely proud of our team for working through and completing the rigorous process and achieving this HITRUST certification in this short timeframe.
Another great advantage to becoming HITRUST-compliant is the ability to map to other security frameworks and assessments such as the National Institute of Standards and Technology (NIST) and SOC2.
Vincent Bennekers, Vice President of Quality at HITRUST, added that Cohere receiving its r2 Certification now “is uncommon for a young company and speaks volumes about the company’s processing maturity and commitment to safeguarding sensitive data.”
Why it’s important for us to get HITRUST certified
- “Gold Standard” of Healthcare Data Security: Demonstrates that we are committed to maintaining the greatest levels of protection for customers’ healthcare data.
- Scalable and Cost-Effective: Once certified, we are able to respond more thoroughly and quickly in a repeatable manner, thus reducing the burden of ongoing, arduous security assessments that have become customary for health tech companies.
- Competitive Advantage: Demonstrates we’re a leader in security, privacy, and compliance because we have the highest security certification to back it up. This credibility and status in the healthcare industry set us apart from other organizations in the marketplace.
Why is security top of mind today?
Cybersecurity is top of mind across the healthcare industry right now. In IBM Security’s 2021 annual Cost of a Data Breach Report, they found that a healthcare data breach costs an organization $10 million on average, up almost 10% from the previous year. A bipartisan group of United States Senators recently proposed a new bill to Congress, “Healthcare Cybersecurity Act of 2022,” citing that these attacks can lead to data breaches, increase healthcare delivery costs, and ultimately affect patient health outcomes.
Hackers are also changing tactics and focusing more and more energy on third-party vendors and smaller practices. A Critical Insight analysis reported that we will increasingly see breaches occurring on third-party business associates rather than providers because they house so much information in one place. Furthermore, electronic medical records (EMRs) – and the third-party vendors that integrate with them and their data – are being targeted more frequently “to siphon as much data and cause as much operational damage as possible to push for ransom payments.”
In a day and age when malicious cyberattacks run rampant, leading healthcare companies, providers, and technology vendors – new and old, large and small – must commit to providing the highest security and privacy standards to protect client and patient data.
Cohere’s leading security efforts
Cohere has been steadfast in its commitment to healthcare security, privacy, and regulatory compliance best practices. This certification confirms and underscores that our intelligent UM platform meets all national and international security, privacy, and regulatory standards, including ISO, NIST, PCI, HIPAA, and GDPR. It’s also important to note that the entire Cohere platform received certification by HITRUST, not just one feature or facet of the technology.
Cohere is one of the few companies focused on utilization management to earn HITRUST r2 certification and was also the first digital prior authorization platform to achieve Utilization Management Accreditation from the National Committee for Quality Assurance (NCQA). To maintain HITRUST certification, we must ensure regular third-party monitoring of our intelligent UM collaboration platform, including testing hundreds of security controls.
If you’re interested in learning more about our HITRUST r2-certified UM platform, connect with us today.