MedImpact Achieves HITRUST Certification, the Gold Standard of Healthcare Data Security

SAN DIEGO–(BUSINESS WIRE)–MedImpact, the independent pharmacy benefit manager (PBM) and health solutions company, announced today that its systems and platforms have earned HITRUST Risk-based, 2-year Certification, the highest level of information protection and compliance assurance.

According to HITRUST, this achievement puts MedImpact in an elite group of organizations worldwide that have earned HITRUST certification and validates that MedImpact is meeting key compliance requirements across a wide range of industry standards and frameworks, as well as federal and state regulations.

“MedImpact not only attained HITRUST certification, but we also achieved it with no corrective action plans,” said Robert Thieling, Vice-President, Internal Audit at MedImpact. “This demonstrates MedImpact’s dedication to protecting the security and privacy of our clients’ data.”

By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

HITRUST certification provides the highest level of assurance for the healthcare industry, which has greater risk exposure due to protected health information, data volumes, regulatory compliance, and other risk factors.

“HITRUST knows that without a sufficient level of reliability, an assurance report doesn’t provide the requisite level of assurances as required to make important business decisions. That’s why we focus on producing the highest quality reports available,” said Vincent Bennekers, Vice President of Quality, HITRUST. “The achievement of a HITRUST Risk-based, 2-year Certification provides reliable assurances that MedImpact is taking information risk management and compliance seriously.”

HITRUST certification required a comprehensive review of MedImpact’s information technology systems, cloud and data storage environments, servers, hardware, user workstations, policies and procedures, encryption protocols, security event monitoring, and event response.

“MedImpact is committed to the highest level of data security and risk management,” Thieling said. “Our HITRUST certification assures our clients, members, and business partners that MedImpact is at the forefront of the healthcare industry for information risk management and compliance.”


For 30 years, MedImpact has been building, delivering, and reimagining pharmacy benefit solutions for healthcare payers who face complex and dynamic challenges. As the leading independent PBM, we offer clients the clarity they need to make care and cost decisions; control over a powerful suite of solutions that manage pharmacy spend; and confidence that comes from a proven PBM partner who is fully aligned with their goals and invested in their future. Learn more at or follow us on Twitter @MedImpact.


Karina Lewis

error: Content is protected !!