IT and Data Security Solutions for Healthcare

Our comprehensive security offering is engineered to meet the most demanding data security requirements of companies in a highly regulated industry. Our global network of security experts, state-of-the-art data centers and meticulous data management approach make us uniquely qualified to store and protect customer information. Healthcare organizations regularly turn to us for our longstanding commitment to information security, proven ability to process and manage highly sensitive data, and deep understanding of industry regulations and requirements.

RRD Healthcare IT Security Platform

Clearly Defined Incident Response Measures

If security incidents do arise, RRD is ready to respond rapidly and effectively. Our well-defined, documented and audited process addresses each incident as it occurs, and our staff are specifically trained in incident response to properly guide operations teams and engage appropriate external parties as necessary.

Rigorous and Frequent Third-Party Auditing

Each year, we undergo approximately 350 on-site customer security audits and more than 800 written risk assessments. We have also completed the SOC2 audit or its SAS70 predecessor for over a decade. In 2016, we integrated the HITRUST Common Security Framework (CSF) program into our annual SOC2 audit process, making us one of the first companies in the industry to complete a SOC2+CSF audit. The completed SOC2+CSF report attests to RRD’s compliance with the core HITRUST CSF controls and three of the AICPA Trust Principles.

Comprehensive Security and Compliance

RRD has a dedicated security and compliance team managing and monitoring all security controls, audits, assessments and incidents. Our security and compliance program is built on the internationally recognized frameworks of ISO27001 and the three AICPA Trust Principles of Data Security, Data Confidentiality and Data Availability.

Our framework also maps to specific healthcare regulatory legislation including (but not limited to) the Health Insurance Portability and Accountability Act (HIPAA); the Gramm-Leach-Bliley Act (GLBA); UK/EU/Swiss Data Privacy Directives and the U.S. Department of Commerce Safe Harbor; the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA); and the Payment Card Industry Data Security Standard (PCI DSS).

Continuous Systems Monitoring and Protection

RRD networks are monitored by intrusion detection systems, and key systems are covered by DDoS prevention services to provide 24x7 security management. We continuously aggregate and monitor logs in real time to guard against unauthorized system access. We also routinely test our systems and applications for vulnerabilities and adhere to strict patch management protocols.

Leading Technology, World-Class Service

RRD brings you a worldwide network of high quality data centers and relationships with leading data security providers, delivering an infrastructure architecture that provides ongoing resiliency against the threats you face. From data center service partnerships that ensure access to backup and failover environments at geographically dispersed locations, to around-the-clock account service customized precisely to your needs, our success is solely measured by your satisfaction and peace of mind.

A Tailored Approach to Data Security

RRD knows data and data security. We’ve instituted guidelines to carefully categorize and store data based on its level of sensitivity — an approach that allows us to channel the majority of our resources toward protecting your most valuable information.

Secure Facilities, Stringent Standards

RRD only processes member data in facilities configured to handle confidential and private information. Facility employees must wear visible identification at all times and are monitored by video surveillance in production areas where private or confidential work is carried out. All system access is granted on a least-privilege basis to confirm that staff have access only to the data relevant to their job. Our non-destructive email and text messaging archives ensure that all electronic correspondence can be reviewed and monitored as needed.

Rigorously-Screened and Highly-Trained Workforce

RRD’s IT workforce spans the globe to accommodate your needs. All job applicants are carefully screened, particularly those applying for positions requiring access to private or confidential information. Our application process includes thorough background checks and nondisclosure agreements detailing security and legal responsibilities. Once hired, team members receive job-specific training as well as security awareness training at least once annually.

Premier Data Privacy Program

For any communications services organization, a focus on data privacy is as critical as a focus on data security in order to protect sensitive customer information. The depth, breadth and consistency of RRD’s security program is matched by its privacy program.

As the industry evolves and security standards change, RRD is committed to keeping pace with those changes. We were an early supporter of, and remain committed to, the integration of the SOC2 reporting process with the HITRUST CSF controls – recognizing that HITRUST CSF is widely relied upon by the healthcare industry to ensure the protection and confidentiality of its information. RRD also serves as a founding member of the HITRUST Business Associate Council.

We maintain a global staff dedicated to managing our privacy obligations, including a Chief Privacy Officer, regional Privacy Managers and in-house legal counsel with special knowledge on privacy regulations and concerns. RRD also has ongoing relationships with external legal firms specializing in privacy matters.

RRD is deeply engaged with the community of privacy professionals, is a sponsoring organization of the International Association of Privacy Professionals (IAPP), and has numerous staff with CIPP certification.

Our incident response program is as prepared to address the privacy obligations arising from a potential data exposure incident as it is any technical data security aspects. In fact, RRD offers services to our customers to assist with data breach notification procedures and obligations resulting from data exposure incidents within their organizations or their partners.