Blue Cross Blue Shield of MA Achieved HITRUST CSF Certification for Enhanced Security and Compliance
Industry-leading certification underscores BCBSMA’s commitment to protecting members’ private health care information
Receiving this certification is a tremendous achievement and supports our promise to always put our members first.

Boston, MA, Sept. 6, 2017 – Blue Cross Blue Shield of Massachusetts is pleased to announce its main systems processing, hosting and exchanging members’ personal health information have earned Certified status for information security by the Health Information Trust (HITRUST) Alliance. With the HITRUST CSF Certified Status, the company’s health insurance business operations meet key healthcare regulations and requirements for protecting and securing sensitive private healthcare information. This designation places Blue Cross in an elite group of organizations nationwide that have completed this rigorous certification process.

Blue Cross understands the critical need for privacy and security when sensitive health care information is stored, used and transmitted electronically, and the company strives to meet and exceed regulatory requirements and best practices. HITRUST CSF Certified status indicates that a company’s servers, storage, databases and networking solutions have met industry-defined requirements and that the organization is appropriately managing risk. Companies are scored on more than 270 requirements before being granted HITRUST CSF status. The systems certified by the HITRUST CSF Certification:

  • Process the company’s claims business,
  • Process its members’ benefit eligibility, and
  • Host the company’s back-end data and information.

Sean Baggett, Director of IT Security at Blue Cross Blue Shield of Massachusetts, noted “While we are now HITRUST certified for 2 years, we are continuously looking to improve our scores and evaluate our various security protocols, tools and policies. We will not rest on our laurels and will continue to work to make our environment as secure as possible, protecting our members’ and employer customers’ information.”

“Receiving this certification is a tremendous achievement and supports our promise to always put our members first,” said Linda Williams, Senior Vice President of Audit and Risk Management at Blue Cross Blue Shield of Massachusetts. “HITRUST CSF certification provides the flexible compatibility with several security platforms while meeting and maintaining rigorous standards. But most importantly, it increases our members’ and employer customers’ confidence that our company is meeting the highest industry standards of protection and security when it comes to private health care information.”


About Blue Cross Blue Shield of Massachusetts

Blue Cross Blue Shield of Massachusetts ( is a community-focused‚ tax-paying‚ not-for-profit health plan headquartered in Boston. We are the trusted health plan for more than 31‚500 Massachusetts employers and are committed to working with others in a spirit of shared responsibility to make quality health care affordable. Consistent with our corporate promise to always put our 2.8 million members first‚ we are rated among the nation’s best health plans for member satisfaction and quality.



The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information.

The CSF is an information security framework that harmonizes the requirements of existing standards and regulations, including federal (HIPAA, HITECH), third party (PCI, COBIT) and government (NIST, FTC).

For further information: Amy McHugh,, 617-246-2311