By Lorri Markum

October 18, 2023

Sometimes, it requires a proverbial village to fully identify the trust and integrity an organization has always had in place and upheld. To further promote that dedication to security to hc1® current and potential clients, hc1 sought to attain the highest level of trust and assurance awareness that customers come to count on and have unwavering confidence in.

A village of hc1 team members worked tirelessly for over a year to ensure the hc1 Platform®, along with the hc1 corporate headquarters located in Indianapolis, secured the HITRUST Risk-based, 2-year (r2) certification for information security. This certification allows hc1 to further demonstrate to labs and health systems that it remains at the forefront of industry best practices for information risk management and compliance.


The Health Information Trust Alliance Common Security Framework (HITRUST CSF®) serves to unify security controls based on aspects of US federal law (such as HIPAA and HITECH), certain state-specific laws, and other industry-standard compliance frameworks into a single comprehensive set of baseline security and privacy controls, built specifically for healthcare needs.

Instead of pursuing lesser certifications, hc1 decided to go straight to the highest level by setting sites on achieving the HITRUST Risk-based, 2-year (r2) certification. “HITRUST is widely regarded as the gold standard for information protection assurances, enabling us to validate how seriously we are about delivering healthcare ethically and securely to our current and future customers,” said Shelly Simeone, SVP of legal and chief compliance officer at hc1. “We also selected the HITRUST certification because it leverages numerous security and privacy-related regulations, standards and frameworks–including NIST and HIPAA for certification,” Simeone emphasized.

Watch the video below for the complete interview.

“HITRUST is a rigorous program that goes beyond other third-party certifications and has specific controls that cover numerous areas within information security, such as risk management, data loss prevention and access to control, to name just a few. An actual third-party, HITRUST-approved assessor completes the review on behalf of the organization. In addition, there is also a meticulous policy and procedures and testing process assuring that all proper controls are in place,” said Simeone.

hc1 Director of Compliance and Risk Management, Chris Toth, added, “hc1 has  19 different domains that are tested and reviewed by HITRUST and all 19 of those domains are approved.”

hc1 was Built Specifically for Healthcare

Both the hc1 Platform® and the hc1 organization have the advantage of being built from the ground up for healthcare. Nationwide, clinical laboratories and health systems trust hc1 with their data. This dedication to healthcare means that protecting the integrity of customers’ sensitive information has always been an hc1 priority. 

System security is critical because of the data collection, data content serving and reporting activities conducted in the hc1 Platform. In addition, cloud-based delivery often raises concerns for information security. The HITRUST-certified hc1 Platform’s architecture and design follow industry-standard best practices for security design to address these concerns.

hc1 has been designed for and runs completely in AWS on HIPAA-compliant systems and is covered by its Business Associate Agreement (BAA) with AWS. The hc1 solution leverages all the available security features of AWS and is built to current best practices using a three-tier architecture. 

Trust and Assurance

hc1’s Amazon Web Services (AWS)-based cloud platform allows laboratories, healthcare providers, acute care centers, and other healthcare organizations to focus on improving their business rather than handling security and IT issues, providing customers with secure, scalable, reliable data access and outstanding performance.

The safety of customer data is paramount for the entire company, and hc1's meticulous security processes and tools demonstrate commitment to protecting this data. hc1 proactively protects customer data and provides the best possible security through the use of stringent procedures. 

Download this whitepaper to learn more about hc1’s HITRUST commitment.

Previous Post Learn How to Extract the Unlimited Possibilities within Your Lab’s Data
Next Post Why Labs Need hc1 Alongside Their LIS