Inside Disruption Blog

We believe in information security

Jim Mortensen
May 26, 2017

It seems like not a day goes by without hearing about another cyberbreach or release of protected information. From hospitals to retailers to banks to government agencies, there seem to be so many threats to our private information.


While R3 isn’t subject to HIPAA from a regulatory perspective, we believe that the trust placed in us by our customers and the people they serve to protect their information is paramount. That’s why we’re implementing the Health Information Trust Alliance Common Security Framework, better known as HITRUST. Once we’re certified, we can provide independent verification of our security standards.


HITRUST certification isn’t easy, but very little worth doing is easy. The standard itself is 500 pages long, and encompasses access control; human resources security; risk management, information security; intellectual property; physical security; asset management; communications and operations management, IT systems acquisition, development and maintenance, incident management; business continuity, and privacy practices. Each of those major categories has practices, policies, and procedures associated with it. While many people think of HITRUST as an IT effort, it’s really a whole company initiative.


Our commitment to protecting your information drives us to accept the effort and expense of this initiative, so our customers and their customers can rest assured that:


  • We take their privacy seriously.
  • We’ve effectively evaluated and managed our risks.
  • We can be trusted with sensitive information.

Jim Mortensen