The Sequoia Project Selects HITRUST as TEFCA Security Certifying Body

The Sequoia Project has selected HITRUST as the first certifying body for the Trusted Exchange Framework and Common Agreement (TEFCA) security requirements.

Organizations must obtain the HITRUST Risk-based, 2-year (r2) Certification to prove they meet the security requirements for their Qualified Health Information Network (QHIN) designation.

The HITRUST r2 is the only certification recognized by The Sequoia Project, TEFCA's recognized coordinating entity (RCE), for meeting the Common Agreement cybersecurity criteria.

HITRUST is currently certifying potential QHINs.

HITRUST is also available to assist TEFCA participants and subparticipants in ensuring the security of TEFCA information under the framework agreements.

TEFCA, born from the 21st Century Cures Act, aims to support national healthcare interoperability.

TEFCA requires strong security safeguards to protect health information, including the requirement that QHINs "shall achieve and maintain third-party certification to an industry-recognized cybersecurity framework."

"Appropriate access to actionable patient data requires the secure and trusted exchange of health information," Steve Yaskin, CEO & Co-founder of Health Gorilla, said in a press release. "Health Gorilla is working toward HITRUST r2 Certification and becoming one of the first designated QHINs under TEFCA."

"HITRUST's rigorous approach to evaluation and depth of review not only meet the requirements of the ONC but also support our goal of proving our qualification to protect and exchange digital health information where it is needed," Yaskin added.

QHINs will connect nationally, so they must be held to elevated security standards.

"HITRUST is uniquely poised to help ensure those requiring access to the health data from across the ecosystem are trusted," said Mike Parisi, vice president of adoption and business development for HITRUST. "As one of the most prominent initiatives in healthcare since Meaningful Use, we will be engaging organizations proactively to help them get ahead of TEFCA and its security requirements."