Patient Data is Always Protected

We have HITRUST certification to provide our partners with third party assurance of our policies and processes. We are committed to protecting your information as well as the privacy of your patients.

Governance and Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), among other federal and state laws, requires GLHC and all of its participants to protect the privacy and security of Protected Health Information. All GLHC participants have signed applicable data sharing and trust agreements, agreeing to abide by a common set of confidentiality and accountability standards.


To fulfill our commitments to you and the patients you serve, GLHC has implemented several physical, electronic, and procedural safeguards to protect the confidentiality, integrity, and availability of your information. These protections include, but are not limited to, encrypting patient information as well as using firewalls and other dedicated security devices to protect and monitor access to patient information.

Protecting patient information will continue to be a top priority for GLHC as we work together to improve health outcomes and healthcare value for patients in the communities we serve. We value our partners as well as the trust placed in us and we take this responsibility very seriously.

To further demonstrate this commitment, GLHC has attained HITRUST certification to provide our partners with third party assurance around the security posture of our solutions and our organization. This certification validates that we’ve incorporated security and privacy into every business process, from solution design and software development to operations and support.

Great Lakes Health Connect Achieves HITRUST CSF Certification to Further Mitigate Risk in Third Party Privacy, Security, and Compliance


The HITRUST CSF is a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management. Developed in collaboration with healthcare and information security professionals, the HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. Because the HITRUST CSF is both risk- and compliance-based, organizations can tailor the security control baselines based on a variety of factors including organization type, size, systems, and regulatory requirements. According to the HITRUST alliance, the HITRUST CSF has become the most widely-adopted security framework in the U.S. healthcare industry. For more information on the framework or certification process, visit

Privacy or Security Concerns

For privacy or security related questions or concerns, please contact our Privacy & Security team!