Skip to main content

Medplum Achieves HITRUST e1 Certification

· 3 min read
Reshma Khilnani
Reshma Khilnani
Medplum Core Team

Demonstrating commitment to cybersecurity and information protection: HITRUST Certification validates the Medplum Platform is meeting rigorous cybersecurity and data protection standards through independent assessment and assurance.

HITRUST e1 Certification badge

San Francisco, Calif., June 1, 2026 – Medplum, a leading provider of open-source healthcare developer infrastructure, today announced its Medplum Platform residing at Amazon Web Services (AWS) has earned certified status from HITRUST for cybersecurity and information protection.

The HITRUST e1 Certification demonstrates that Medplum has met requirements defined by a leading cybersecurity assurance leader, confirming that strong controls are in place to protect sensitive data and manage risk effectively.

Built on the HITRUST Assurance Program, this achievement reflects independent third-party testing, centralized quality assurance, and certification backed by HITRUST's Cyber Threat-Adaptive engine. These elements ensure continuous alignment with the latest threat intelligence and evolving standards across NIST, ISO, and OWASP.

"As cybersecurity expectations rise, our stakeholders expect credible, validated assurance," said Reshma Khilnani, CEO at Medplum. "Achieving HITRUST Certification reinforces our ongoing commitment to protecting data, managing risk, and maintaining the trust of those we serve."

"Earning HITRUST Certification demonstrates Medplum's commitment to managing information risk and protecting sensitive data through a rigorous, proven assurance process," said Gregory Webb, CEO at HITRUST. "This achievement reflects the organization's proactive approach to cybersecurity and trust."

HITRUST certification was a key commitment on the compliance theme of our 2026 roadmap. The HITRUST e1 Certification joins Medplum's existing compliance portfolio, including SOC 2 Type 2, HIPAA, and ONC certification — see the compliance overview for details. For organizations pursuing their own HITRUST certification using Medplum as a primary application backend, our HITRUST documentation describes how we can support your certification process.

To learn more about the HITRUST framework, assurance methodology, and its measurable results in reducing the risk of cyber breaches, see the HITRUST Trust Report.

About Medplum

Medplum is an open-source healthcare developer platform built on FHIR standards. Medplum provides the API, data store, authentication, and developer tools that healthcare organizations use to build custom EHRs, patient portals, and clinical applications. Medplum is available as a managed service hosted on Amazon Web Services (AWS) and as self-hosted software under the Apache 2.0 license.