HiTrust compliance


Over 80 percent of hospitals and health plans use the HITRUST Common Security Framework (CSF) to take the guesswork out of healthcare cybersecurity compliance. As of June 2017, Anthem, Humana, Highmark, United Health, and Health Care Services Corp are requiring their business associates to have HITRUST certification.


Save money and time complying with HITRUST CSF:


See What's Communicating

The Adaptive Security Platform® (ASP) shows you in real time all the connections between system components that store or process ePHI. You can also monitor current and historic flows of ePHI across your network, identifying vulnerabilities and potential attack vectors.

  • Easily identify the full extent of your ePHI environment, whether in the cloud or your data center.


Find and Solve Compliance Problems with Explorer

Undiscovered compliance challenges, like a production server that handles ePHI communicating with a development server, can stall compliance and cost you money and time. Illumio Explorer lets you find problems before the audit starts and enables you to speed the audit along once it starts.

  • Ensure that you have properly encrypted all ePHI traffic.
  • Identify anywhere that Dev is talking to Prod.
  • Find and validate mysterious processes in minutes.


Control Access To Your ePHI Environment With Micro-Segmentation

Limit communications into, out of, and within your ePHI environment to only the minimum necessary communications that your systems require to function. Since Illumio is software-based and does not depend on the network for segmentation, implementation is faster, and our micro-segmentation automatically adapts to changes in your environment to ensure security policies always remain in place.

  • Segment your ePHI environment in any cloud or data center;
  • Address HITRUST Access Controls 01.m, 01.n, 01.o, 01.w and Communications Controls (09.m, 09.2, 09.w)

Deep dive into our micro-segmentation technology.

Encrypt ePHI Traffic in One Click

HITRUST requires that any ePHI data transmitted across an open or untrusted network be encrypted. This means any ePHI data that moves between data centers or into the cloud. Illumio SecureConnect offers one-click encryption that secures your ePHI data no matter where it is going or coming.

  • Save time and avoid mistakes by using Illumio SecureConnect. Instantly encrypt ePHI traffic with point-to-point IPSEC tunnels.


Show HITRUST Compliance

Speed up and simplify your HITRUST audits with one-click reporting that avoids slow and costly firewall rule set review.

  • Review and validate security policy in minutes instead of hours.


  • Real-time visibility into all the systems and communications within your ePHI environment.
  • Identify compliance challenges before your audit using Explorer.
  • Segment high-value systems and applications that handle ePHI in any data center or cloud.
  • Generate compliance data in minutes that validates the communications and segmentation of your ePHI environment.
  • One-click IPsec encryption of communications within your ePHI environment and with external systems to comply with HITRUST security controls using Illumio SecureConnect.
Fast and Precise HISTRUST Compliance Using Micro-Segmentation



Breaking down three key steps to successfully scope and secure your HITRUST environment—and pass your audit in no time.  

Get the white paper »