In 2019, the healthcare sector saw more than 40 million patient records breached. So far this year, some of the largest, most respected healthcare organizations in the world have reported breaches of sensitive patient information (Health IT Security, 2020). While this year has been dominated by COVID-19 headlines, phishing attacks and ransomware threats are becoming the norm, making the need for increased data security more important than ever before.
SwiftRx Direct, RxRevu’s integrated cost transparency solution, brings patient-specific cost information, coverage restrictions, and therapeutic alternatives into native EHR workflows. Giving providers drug cost information at the point-of-prescribing is no easy feat though. Our team has worked tirelessly to create secure connections between PBMs, health plans, EHR vendors, and health system sites to enable evidence-based prescribing to provide patients the care they need at prices they can afford. While RxRevu’s Real-Time Prescription Benefit solution is not necessarily an application that physicians log into or even know they are using – since it delivers data within their normal EHR workflow – RxRevu must follow the strictest PHI security guidelines because of the nature of our work.
The leading security and compliance framework in the healthcare industry is the HITRUST CSF Assurance Program, and our team is extremely proud that we have achieved HITRUST certification for our SwiftRx® Direct™ application for the third year in a row. Certification underscores our team’s commitment to meeting the most rigorous healthcare security standards in protecting patient information.
RxRevu processes large volumes of sensitive patient prescription information on a daily basis using industry-standard encryption methods. Whether it is transferring patient coverage information from a PBM to the clinician’s EHR workflow or deciphering plan information to display point-of-care recommendations, our team takes extra precaution to de-identify patient information, transmit data through the most secure methods, and dispose of information appropriately. In particular, RxRevu has robust processes in place to randomize PHI, eliminate employee access to specific patient information, and provide end-to-end encryption for employees and our partners.
So far this year, RxRevu has completed more than 22 million transactions (compared to 1 million transactions across 2019) through our solution, bringing patient-specific coverage and cost information to the point-of-care. Even with this tremendous growth, we have continued to prioritize best-practice data protocols and security in order to meet the needs of our clients, and reassure them that we hold ourselves to the highest patient data standards.
HITRUST CSF Certified status demonstrates that all certified systems have met key regulations and industry-defined requirements and are appropriately managing risk. HITRUST CSF is a risk-based security framework which incorporates federal and state regulations, standards, and frameworks. This achievement places RxRevu in an elite group of organizations worldwide that have earned this certification, and demonstrates our ability to provide world class healthcare technology supported by superior compliance and security in protecting electronic protected health information.
As more healthcare and clinical decision support organizations implement cloud-based technologies, it is critical to demonstrate these solutions comply with the highest industry data protection and security standards. “RxRevu has always viewed security as vital to the services we offer, and something we work to integrate directly into our company culture,” said Carm Huntress, Chief Executive Officer at RxRevu.
Even with this year’s certification behind us, our team is constantly working to build the most secure, efficient data pipelines in the industry. We look forward to growing our network of partners and maintaining the rigorous HITRUST standards in the future. Health systems, PBMs, and EHR vendors who are interested in joining the nation’s largest prescription price transparency network should reach out to learn more.
Written by Nick Macias, Information Security and Compliance Officer