Contessa Achieves HITRUST CSF® Certification to Manage Risk and Improve Security Posture

HITRUST CSF Certification validates that Contessa is committed to meeting key regulations anprotecting sensitive information 

Nashville, Tenn. (Dec. 13, 2021) – Contessa, an Amedisys company, has strict cyber security measures protecting patients, employees and partners. The high-acuity care at home operator has received national recognition by earning HITRUST CSF® Certification by HITRUST, the Health Information Trust Alliance.  

HITRUST CSF® Certification demonstrates that the organization’s infrastructure protects patient and provider information and have met key regulations and industry-defined requirements and are appropriately managing risk.  

“To ensure Contessa has the highest quality patient care and outcomes, safety and security are top priorities,” said Gaurav Khanna, Contessa chief information and digital officer. “We are committed to meeting complex compliance and privacy requirements. It’s our duty to uphold these high standards for protecting sensitive data and information by achieving HITRUST CSF Certification.” 

Contessa has been certified since 2017, with annual reassessments and biannual recertifications. This achievement places Contessa in an elite group of worldwide organizations that have earned this certification. To fulfill the certifications, hundreds of supporting requirements in 19 information technology control categories were required to meet the rigorous NIST and HIPAA standards. During this time, LBMC performed a HITRUST Validated Assessment and related services to help facilitate the certification and remains a valued cybersecurity partner for Contessa. 

By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. 

“The HITRUST CSF Assurance Program is the most rigorous available, consisting of a multitude of quality assurance checks, both automated and manual,” said Bimal Sheth, vice president of Assurance Services at HITRUST. “The fact that Contessa has achieved HITRUST CSF Certification attests to the high quality of their information risk management and compliance program.” 


About Contessa: 

Based in Nashville, Contessa is the leader and pioneer of Home Recovery Care, a risk-based model that combines all the essential elements of inpatient hospital care in the comfort of patients’ homes. Founded in 2015, Contessa utilizes Care Convergence – a proprietary technology platform – to power the seamless delivery of Home Recovery Care that is safe, affordable and improves patient outcomes. Contessa’s turnkey solution provides upfront savings to health plans, enables health systems to reinvent their care delivery model and helps physicians deliver a better experience for patients. For more information, visit or follow us at @contessahealth. 

About Amedisys: 

Amedisys, Inc. is a leading healthcare at home company delivering personalized home health, hospice and personal care. Amedisys is focused on delivering the care that is best for our patients, whether that is home-based personal care; recovery and rehabilitation after an operation or injury; care focused on empowering them to manage a chronic disease; or hospice care at the end of life. More than 2,900 hospitals and 78,000 physicians nationwide have chosen Amedisys as a partner in post-acute care. Founded in 1982, headquartered in Baton Rouge, LA with an executive office in Nashville, TN, Amedisys is a publicly held company. With approximately 21,000 employees in 519 care centers within 39 states and the District of Columbia, Amedisys is dedicated to delivering the highest quality of care to the doorsteps of more than 418,000 patients and clients in need every year. For more information about the company, please visit: 

Forward-Looking Statements: 

When included in this press release, words like “believes,” “belief,” “expects,” “plans,” “anticipates,” “intends,” “projects,” “estimates,” “may,” “might,” “would,” “should,” “will” and similar expressions are intended to identify forward-looking statements as defined by the Private Securities Litigation Reform Act of 1995. These forward-looking statements involve a variety of risks and uncertainties that could cause actual results to differ materially from those described therein. These risks and uncertainties include, but are not limited to the following: the impact of the novel coronavirus pandemic (“COVID-19”), including the measures that have been and may be taken by governmental authorities to mitigate it, on our business, financial condition and results of operations, changes in or our failure to comply with existing federal and state laws or regulations or the inability to comply with new government regulations on a timely basis, changes in Medicare and other medical payment levels, our ability to open care centers, acquire additional care centers and integrate and operate these care centers effectively, competition in the healthcare industry, changes in the case mix of patients and payment methodologies, changes in estimates and judgments associated with critical accounting policies, our ability to maintain or establish new patient referral sources, our ability to attract and retain qualified personnel, our ability to keep our patients and employees safe, changes in payments and covered services by federal and state governments, future cost containment initiatives undertaken by third-party payors, our access to financing, our ability to meet debt service requirements and comply with covenants in debt agreements, business disruptions due to natural disasters or acts of terrorism, widespread protest or civil unrest, our ability to integrate, manage and keep our information systems secure, our ability to realize the anticipated benefits of acquisitions, and changes in law or developments with respect to any litigation relating to the Company, including various other matters, many of which are beyond our control. 

Because forward-looking statements are inherently subject to risks and uncertainties, some of which cannot be predicted or quantified, you should not rely on any forward-looking statement as a prediction of future events. We expressly disclaim any obligation or undertaking, and we do not intend to release publicly any updates or changes in our expectations concerning the forward-looking statements or any changes in events, conditions or circumstances upon which any forward-looking statement may be based, except as required by law.