We are committed to providing outstanding solutions to out-of-hospital healthcare provider—as validated by our industry accreditation.

These in-depth surveys and certifications assure customers that our system will exceed your expectations for security, privacy, trust assurance, certificate management, policies and procedures, business practices and more.

Privacy & Security Accreditation (EHNAC)


To help ensure our customers’ data is kept private and secure, Updox undergoes a rigorous accreditation process that evaluates our policies, security controls, IT procedures, data centers, disaster recovery, software development life cycle, customer service, staff training, human resource management, and more.

The Updox accreditation is through the Electronic Healthcare Network Accreditation Commission (EHNAC) . Their accreditation program includes the same criteria as the HITRUST certification plus additional criteria that covers the Updox Direct Secure Messaging service.

Direct Secure Messaging Accreditation (DirectTrust)

Direct Trust icon

As a provider for Direct Secure Messaging, Updox also undergoes extensive accreditations for each of the three functions involved:

• Health Information Services Provider (HISP)

• Registration Authority (RA)

• Certification Authority (CA)

A HISP is an organization that provides direct messaging services to securely transmit healthcare information over the internet.

An RA is an organization that verifies the identity of individuals using direct messaging. Identity verification helps further security by verifying that users “are who they say they are.”

A CA is an organization that issues digital certificates to direct messaging organizations and users. Certificates help to ensure that direct messaging is secure.

This accreditation is through DirectTrust, a pioneer in the technical trust and confidence in the secure exchange of healthcare information. 

Learn more about the Direct Secure Messaging HISP Practice Statement and Certificate Practice Statement:

ONC 2015 Edition Health Information 
Technology Certification

HIT Vendor: Updox
Version: 2022.0
Date Certified: 12/30/2022
Certificate #:
Version: 2022.1 (if using the new Updox Patient Engagement Portal)
Date Certified: 12/30/2022
Certificate #:


  • 170.315 (d)(1) Authentication, Access Control, Authorization
  • 170.315 (d)(2) Auditable Events and Tamper-resistance (Cures Update)
  • 170.315 (d)(3) Audit Reports (Cures Update)
  • 170.315 (d)(5) Automatic Access Timeout
  • 170.315 (d)(7) End User Device Encryption
  • 170.315 (d)(9) Trusted Connection
  • 170.315 (d)(12):Encrypt Authentication Credentials (Cures Update)
  • 170.315 (d)(13): Multi-Factor Authentication (Cures Update)
  • 170.315 (e)(1) View, Download, Transmit (Cures Update)
  • 170.315 (g)(1) Automated Numerator Recording
  • 170.315 (g)(4) Quality System Management
  • 170.315 (g)(5) Accessibility Centered Design
  • 170.315 (g)(6) Consolidated CDA Creation Performance (Cures Update)
  • 170.315 (h)(2) Direct Project, Edge Protocol, and XDR/XDM

Additional Software Used: Keycloak, Comtron, Cantata Health, Practice Fusion, Dentrix ENT,Objective Medical, Greenway Prime Suite, eMD (ModuleMD Wise),Eyecare Leaders, First Insight, GEMMS, Amazing Charts, Dr. Chrono

ONC Certified Health IT Products List (CHPL)

2022 Updox Real World Testing Plan

2022 Updox Real World Testing Plan Results

2023 Updox Real World Testing Plan

Clinical Quality Measures
  • None (not applicable to Updox services)
Additional Software Required
  • Certified Electronic Health Record (EHR) software

Updox is ONC Health IT 2015 Edition compliant and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.

Direct Messaging

This functionality allows practice/hospital users to securely exchange direct messages with external providers. Direct messages may include clinical data, notes, and other healthcare related information. The process for sending/receiving direct messages varies depending on the EHR vendor partnered with Updox.

Secure Messaging

This functionality allows practice/hospital users to send and receive secure messages to/from patients using the Updox Patient Portal. The process for sending/receiving secure messages varies depending on the EHR vendor partnered with Updox.

Patient Portal

This functionality enables a practice/hospital to give their patients online access to their health information, exchange secure messages with providers, and transmit clinical care summaries to other parties using direct messaging or standard email. The Patient Portal is associated with a single practice/hospital.

Costs or Fees

This product may require a one-time integration fee, monthly direct messaging subscription per address, monthly Patient Portal subscriptions per provider, and identity verification fees per attempt. The applicable costs are specified in the business contracts between Updox and its EHR vendor partners. 

Ready to get started?