Onlife Health Earns HITRUST CSF Certification


National Wellness Provider Achieves Healthcare Industry’s Most Recognized Security Standard


Brentwood, Tenn., March 2, 2017—Onlife Health, a national leader in comprehensive workplace wellness solutions, today announced it has earned Certified status for information security by the Health Information Trust (HITRUST) Alliance. With this CSF (Common Security Framework) Certified Status, Onlife Health joins an elite group of organizations who have met the rigorous requirements established by HITRUST CSF, the most widely adopted security framework in the U.S. healthcare industry.

“The increased risk of hacking and cyber attacks makes it imperative that companies charged with the responsibility of protecting private healthcare information be operating at the highest level of security,” said Mark McConnell, president and CEO of Onlife Health. “Obtaining CSF Certification demonstrates that our security policies, procedures and practices are aligned with the highest standard required by the health industry.”

Used by more than 84 percent of hospitals and health plans as well as many other healthcare organizations and business associates, HITRUST CSF incorporates the multiple security requirements placed upon healthcare organizations by federal, state, third-party and other government agencies, including HIPAA, HITECH, PCI and COBIT. 

HITRUST CSF Certification requires a rigorous vetting process that involves complying with 272 baseline security controls across 19 domains, covering everything from password management and wireless security to business continuity and disaster recovery.

Achieving HITRUST CSF Certification became a top priority for the healthcare industry after multiple health insurance carriers, including Anthem, Highmark, HCSC, Humana and UnitedHeathcare, announced that their vendors would need to be certified by December 31, 2017.

In March 2016, the IT and Security Team at Onlife Health initiated a comprehensive review of policies, procedures, controls, tools, and security related postures in preparation for the extensive third-party audit that is required to achieve CSF Certification. In December 2016, LBMC Information Security initiated the audit, and Onlife Health received its Letter of Certification from HITRUST on March 1, 2017.

“To achieve CSF Certification 10 months ahead of the required target date is a remarkable demonstration of the professionalism and dedication of our infrastructure team,” said Sameer Bhargava, CIO of Onlife Health. “It speaks highly of our commitment to provide our clients and members with the highest levels of security and support.”


HITRUST CSF logo-300x158.png



Founded in 2007, the HITRUST Alliance, a not for profit, was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST—in collaboration with public and private healthcare technology, privacy and information security leaders—has championed programs instrumental in safeguarding health information and managing information risk while ensuring consumer confidence in the organizations that create, store or exchange their information. HITRUST develops, maintains and provides broad access to its common risk and compliance management and de-identification frameworks, and related assessment and assurance methodologies, as well as programs supporting cyber sharing, analysis and resilience. HITRUST also leads many efforts in advocacy, awareness and education relating to information protection. For more information, visit