
Data Sheet: HealthRules Payer HiTrust


HealthRules® Payer (HRP) employs a comprehensive, risk-based approach to information security. By integrating advanced risk assessment and mitigation strategies, HRP ensures robust network management controls and change governance, making security a core component of both its product and operations lifecycle.

Key Features:

  • Business Continuity and Incident Response: HRP has developed policies and procedures, including disaster recovery and incident response, to manage disruptions ranging from software outages to global pandemics.
  • Third-Party Risk Management: All external tools, components, and service providers undergo rigorous security scrutiny.
  • Workforce Security Training: Role-based security training, background checks, and the Security Awareness for Everyone (SAFE) program ensure all employees follow best security practices.
  • Endpoint Protections: Employee workstations feature Endpoint Detection and Response (EDR), application and website blacklisting, and Data Loss Prevention (DLP).
  • Multifactor Authentication (MFA) and Annual Penetration Tests are standard to safeguard critical systems.
  • Change Management and Vulnerability Management systems ensure that all code changes are secure and peer-reviewed and that vulnerabilities are promptly addressed.
  • Security-by-Design principles are embedded in product development, proactively assessing risks and incorporating security best practices.

Operational Security:

  • Data Encryption: All sensitive data is encrypted at rest using AES-256, with web traffic secured via TLS 1.2. VPN tunnels facilitate secure communication between HRP and customer environments.
  • Access Controls: Site-to-site VPN tunnels, SFTP access control, Role-Based Access Control (RBAC), Single Sign-On (SSO), and least-privilege access are implemented to maintain secure access to internal systems.
  • Infrastructure Protection: Customer data is hosted on fault-tolerant, redundant infrastructure in dedicated environments to prevent data commingling.
  • Web Application Firewall (WAF) and Load Balancer protect the application, while a Security Information and Event Management (SIEM) system ensures internal visibility and response to security events.

Compliance and Privacy:

  • HITRUST Certification and a SOC-2 Type 2 audit underscore HRP's commitment to continuous security maturity and data protection.
  • The Privacy Policy, available online, reflects HRP’s dedication to respecting user privacy.

By prioritizing security through rigorous standards and innovative practices, HealthRules® Payer not only meets but exceeds conventional security and organizational objectives. For more information on HRP’s commitment to security and privacy, visit their privacy policy.

About the Author

Chelsea Youngquist brings nearly 25 years of experience in sales and marketing to HealthEdge. With 15+ years of experience in healthcare, serving both payers and providers, she brings a broad and deep healthcare perspective to our product marketing team.
