Rhapsody® health solutions are trusted by 1,700+ healthcare organizations around the world, in part because of our commitment to data privacy and security. We have experience complying with complex regulations around the world. In addition to HIPAA and GDPR, there are country-, region-, provincial-, and state-specific regulations and certifications that we stay on top of to ensure compliance for ourselves and our customers.

• ISO 27001 – All Rhapsody solutions
• SOC 2® Type II – All Rhapsody cloud solutions
• Cyber Essentials and Cyber Essentials Plus – All Rhapsody solutions
• HITRUST capable – All Rhapsody cloud solutions can be hosted in a HITRUST certified environment

InterOperability Bidco, Inc., dba Rhapsody, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. InterOperability Bidco, Inc., dba Rhapsody has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

• GDPR Addendum
• EU-US Data Privacy Framework and UK Extension Privacy Policy
• Rhapsody’s Sub-Processors
• Rhapsody Data Transfer Impact Assessment Guide for Customers