NORRISTOWN, Pa. – February 20, 2019 – MRO, a leader in the secure, compliant and efficient exchange of protected health information (PHI), announced today it successfully completed an AICPA Service Organization Control 2 (SOC 2) Type II audit in December 2018, demonstrating compliance to strict information privacy and security standards. The audit was conducted by independent auditor Meditology Services, LLC, an information security consulting company focused exclusively on serving the healthcare industry.

The audit report covers MRO’s production facilities, business processes and flagship ROI Online® PHI disclosure management platform that is implemented in over 8,500 healthcare providers across the U.S.  Results of the audit verify that MRO’s policies and strategies satisfactorily protect client data and fully meet stringent SOC 2 standards.

The SOC 2 framework includes five key sections, forming a set of criteria called the trust services principles:

  • Security of the service provider’s system
  • Processing integrity of this system
  • Availability of this system
  • Privacy of personal information that the service provider collects, retains, uses, discloses and disposes for user entities
  • Confidentiality of the information that the service provider’s system processes or maintains for user entities

“The successful completion of this audit engagement, without deviation, demonstrates MRO’s ongoing commitment to maintaining effective controls and processes for security, availability of our operations, and the handling of client data,” said Anthony Murray, Vice President of Information Technology and ISSO for MRO. “This external audit provides our clients with an enhanced layer of trust and confidence in MRO’s essential operations and service delivery.”

The reporting period for MRO’s SOC 2 Type II audit was August 1, 2018 to October 31, 2018. This achievement follows MRO’s HITRUST CSF® certification earned in March 2018.

About MRO

MRO, the KLAS-rated #1 provider of release of information (ROI) solutions since 2013, empowers healthcare organizations with proven, enterprise-wide solutions for the secure, compliant and efficient exchange of Protected Health Information (PHI). In addition to ROI, MRO’s suite of PHI disclosure management solutions is comprised of government and commercial payer audit management and accounting of disclosures services and technologies. MRO’s technology-driven services reduce the risk of improper disclosure of PHI, ensure unmatched accuracy and enhance turnaround times. To learn more, visit