Orion Health reinforces security credentials with HITRUST and DirectTrust accreditations


Orion Health, a global leader in population health software, announced that it has gained leading security credentials for two of its flagship products.

Its world-leading Amadeus unified healthcare platform has earned certification for information security by HITRUST. At the same time, its Communicate software solution has also achieved full accreditation through the DirectTrust™ Accreditation Program for Health Information Service Providers (HISPs).

Grant Anthony, Orion Health’s Chief Information Security Officer says the security of patient and clinician data has always been paramount to Orion Health.

“Handling important data across our people, clinicians and data science platforms comes with great responsibility. This means information security is of the utmost importance to us at Orion Health. These certifications are testaments to our commitment to data security and our world-leading technical infrastructure supporting customers all around the world.”

HITRUST Risk-based, 2-year (r2) Certified status demonstrates that Amadeus, hosted by the secure AWS cloud, has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Orion Health in an elite group of organisations worldwide that have earned this certification.

Amadeus is an open platform that scales to accommodate the vast amount of data generated by new models of care, to support the journey from population health management to precision medicine. It provides healthcare professionals with the support they need to make the best possible decisions at the point of care.

By including US federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organisations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

“The HITRUST Assurance Program is the most rigorous available, consisting of a multitude of quality assurance checks, both automated and manual,” said Bimal Sheth, Executive Vice President, Standards Development & Assurance Operations, HITRUST.

“The fact that Orion Health’s Amadeus has achieved HITRUST Risk-based, 2-year Certification attests to the high quality of their information risk management and compliance program.”

DirectTrust is a non-profit healthcare industry alliance created to support secure, identity-verified electronic exchanges of protected health information between provider organisations, and between providers and patients, for the purpose of improved coordination of care.

Orion Health’s Communicate software solution provides reliable and protected communication between patients, healthcare providers and organisations across desktop and electronic medical record (EMR) systems. It was audited against a series of technical, physical, and operational criteria and found to be fully in compliance with the Direct Standard™ and the requirements of the DirectTrust Security and Trust framework.

“DirectTrust HISP accreditation certifies that an organisation has established and upheld a superior level of trust for its stakeholders, which is a significant distinction. Kudos to Orion Health’s commitment to maintaining the highest standards in privacy, security and confidentiality,” said DirectTrust President and CEO Scott Stuewe.

Gaining two separate forms of security accreditation for two of its products puts Orion Health in an elite class of organisations that is recognised for prioritising security practices.