If healthcare data is the lifeblood of modern care, trust is its heartbeat. Every system that handles patient information (from EHRs to mobile apps) must prove it’s both secure and interoperable.
Two of the most important frameworks making trust possible are the Health Insurance Portability and Accountability Act (HIPAA) and ONC Certification. They’re often mentioned together, yet each strengthens a different part of the same foundation. HIPAA governs how patient data is protected and shared, while ONC Certification validates that the technology managing that data meets national standards for security and interoperability. Where HIPAA defines what must be safeguarded, ONC defines how those safeguards are built and proven. Together, they help healthcare organizations transform digital innovation into systems that are compliant, connected, and worthy of patient trust.
HIPAA: Protecting Patient Data at Every Stage
HIPAA establishes national standards for safeguarding Protected Health Information (PHI). Its core purpose is to ensure patient data remains confidential, available, and secure, even as it moves between healthcare providers, payers, and third-party systems.
Who It Applies To
- Covered Entities such as healthcare providers, health plans, and clearinghouses.
- Business Associates that create, receive, maintain, or transmit PHI on behalf of those covered entities.
HIPAA’s Security Rule requires organizations to implement administrative, physical, and technical safeguards to prevent unauthorized access or disclosure. But compliance isn’t a one-time task; it’s an ongoing effort that demands risk awareness, proactive monitoring, and clear governance.
Drummond’s Alignment
Drummond helps healthcare organizations build and sustain HIPAA compliance through a strategic combination of security risk assessments, remediation planning, and targeted testing. Our experts conduct penetration testing and vulnerability management, and help develop policies and procedures that align with HIPAA’s Security Rule requirements.
By identifying vulnerabilities across critical systems, Drummond empowers organizations to fortify their defenses and maintain patient trust in an increasingly connected care environment.
ONC Certification: Verifying Interoperable, Trusted Health IT
The ASTP/ONC (Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology) oversees the Health IT Certification Program, which ensures that EHR systems and other health IT solutions meet federal standards for functionality, interoperability, and security.
Certification provides assurance that certified health IT products can safely and effectively exchange health data in alignment with national policy goals.
Who It Applies To
- Health IT Developers and EHR Vendors seeking certification for their products or modules.
- Technology Providers supporting CMS programs and public health initiatives that rely on certified systems.
Drummond’s Alignment
As the leading ONC-Authorized Testing Lab (ATL) and ONC-Authorized Certification Body (ACB), Drummond guides health IT developers through every phase of certification, from readiness assessments and advisory support to formal testing, certification reviews, and Real-World Testing.
Our team also helps developers stay aligned with evolving ONC requirements, ensuring their products remain technically compliant, interoperable, and market-ready as federal standards advance.
Where HIPAA and ONC Intersect
While HIPAA governs how health data is protected, ONC Certification ensures that the technology used to share that data is trustworthy. In other words:
Connecting the Compliance Dots
Organizations that treat HIPAA and ONC as separate obligations often find themselves struggling with overlapping requirements or missed risks. Drummond’s expertise spans both frameworks, helping clients approach compliance as a coordinated, ongoing discipline rather than a collection of siloed efforts.
By uniting regulatory insight with hands-on testing and certification capabilities, Drummond helps healthcare organizations and developers build stronger, more secure solutions that earn the trust of patients, partners, and regulators alike.