TMCnet News
Eligible's Platform Services Attain HITRUST r2 and NIST Cybersecurity Framework v1.1 CertificationsNEW YORK, July 7, 2026 /PRNewswire/ -- Eligible, Inc., the healthcare transaction infrastructure company connecting providers, agents, and insurers, today announced that its Platform Services System has attained HITRUST r2 Certification, along with concurrent certification against the NIST Cybersecurity Framework v1.1. All 19 HITRUST domains and all five NIST CSF Core Functions — Identify, Protect, Detect, Respond, and Recover — were certified. Both certifications are valid through May 2028. The assessment, conducted by independent third-party assessor A-LIGN, moved through HITRUST's Quality Assurance review at warp speed — among the fastest QA cycles in Eligible's certification history. A single disciplined assessment cycle produced two independent, internationally recognized cybersecurity certifications for the Platform Services System. HITRUST r2 is the most rigorous certification available in the healthcare security ecosystem, evaluating 19 domains of controls at the policy, procedure, and implementation levels. The accompanying NIST CSF v1.1 certification is issued by HITRUST through the same validated assessment, with controls mapped to NST CSF Core Functions, Categories, and Subcategories using the NIST OLIR Program methodology (NISTIR 8278). "This certification reflects more than a single assessment cycle," said Katelyn Gleason, CEO and Founder of Eligible. "It reflects years of sustained operational discipline — building security and compliance into our platform as living systems rather than annual exercises. The lightning-fast QA cycle wasn't an accident. It was the result of years of doing the work properly." "The HITRUST Assurance Program is rigorous and reliable because of the comprehensiveness of control requirements, depth of review, and consistency of oversight," said Bimal Sheth, Executive Vice President, Standards Development & Assurance Operations at HITRUST. "HITRUST r2 Certification demonstrates Eligible is taking the most proactive approach to cybersecurity, data protection, and risk management." The certifications cover Eligible's Platform Services System — the REST APIs, application infrastructure, and supporting services through which Eligible processes HIPAA-mandated healthcare financial transactions including eligibility verification (270/271), claims (837/276/277), remittance (835), and acknowledgements (TA1, 997, 999). A SOC 2 examination, also conducted by A-LIGN, is underway in parallel covering Security, Availability, Processing Integrity, and Confidentiality — with its Readiness Assessment returning zero gaps identified. About Eligible Eligible provides essential healthcare financial transaction services to healthcare providers and their agents. As one of the few options nationwide that builds direct trading partner integrations with insurers where possible, Eligible delivers a consolidated solution for HIPAA-mandated transactions. Eligible was the first to release the customer-facing concept of a REST API for these essential services, in 2012. For more information, visit eligible.com. Media Contact:
SOURCE Eligible
|
