
Data Sheet: HealthRules Payer HiTrust


HealthRules® Payer (HRP) employs a comprehensive, risk-based approach to information security. By integrating advanced risk assessment and mitigation strategies, HRP ensures robust network management controls and change governance, making security a core component of both its product and operations lifecycle.

Key Features:

  • Business Continuity and Incident Response: HRP has developed policies and procedures, including disaster recovery and incident response, to manage disruptions ranging from software outages to global pandemics.
  • Third-Party Risk Management: All external tools, components, and service providers undergo rigorous security scrutiny.
  • Workforce Security Training: Role-based security training, background checks, and the Security Awareness for Everyone (SAFE) program ensure all employees follow best security practices.
  • Endpoint Protections: Employee workstations feature Endpoint Detection and Response (EDR), application and website blacklisting, and Data Loss Prevention (DLP).
  • Multifactor Authentication (MFA) and Annual Penetration Tests are standard to safeguard critical systems.
  • Change Management and Vulnerability Management systems ensure that all code changes are secure and peer-reviewed, and that vulnerabilities are promptly addressed.
  • Security-by-Design principles are embedded in product development, proactively assessing risks and incorporating security best practices.

Operational Security:

  • Data Encryption: All sensitive data is encrypted at rest using AES-256, with web traffic secured via TLS 1.2. VPN tunnels facilitate secure communication between HRP and customer environments.
  • Access Controls: Site-to-site VPN tunnel, SFTP access control, Role-Based Access Control (RBAC), Single Sign-On (SSO), and least-privilege access are implemented to maintain secure access to internal systems.
  • Infrastructure Protection: Customer data is hosted on fault-tolerant, redundant infrastructure in dedicated environments to prevent data commingling.
  • Web Application Firewall (WAF) and Load Balancer protect the application, while a Security Information and Event Management (SIEM) system ensures internal visibility and response to security events.

Compliance and Privacy:

  • HITRUST Certification and a SOC-2 Type 2 audit underscore HRP's commitment to continuous security maturity and data protection.
  • The Privacy Policy, available online, reflects HRP’s dedication to respecting user privacy.

By prioritizing security through rigorous standards and innovative practices, HealthRules® Payer not only meets but exceeds conventional security and organizational objectives. For more information on HRP’s commitment to security and privacy, visit their privacy policy.