Privacy, Security and Compliance
Experian Healthcare is highly sensitive to the many privacy issues surrounding consumer information. Among other things, Experian Healthcare does the following:
- All data is transmitted via encrypted Web servers
- All users are required to have a business need (permissible purpose) to access the services
- All clients are screened to ensure appropriate use practices and are granted access only to the appropriate level of information
Experian Healthcare has established procedures to comply with the following regulations:
- Gramm-Leach-Bliley Act (GLBA)
- Fair Credit Reporting Act (FCRA)
- Health Insurance Portability and Accountability Act (HIPAA)
HIPAA Compliance
Experian Healthcare is committed to providing secure and reliable services to clients and is diligent about compliance with the HIPAA Privacy and Security regulations. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a broad federal law enacted by Congress, in part to help protect patient privacy. The part of the law that deals with privacy is intended to do the following:
- Set limits on the use and disclosure of health information
- Establish safeguards that hospitals, physicians, health plans and clearinghouses (“covered entities”) and their business associates must have in place to protect the privacy of health information
- Hold violators accountable, with civil and criminal penalties, for violating a patient’s privacy rights
As a trusted business associate of a variety of covered entities, Experian Healthcare has implemented many safeguards, including a corporate HIPAA Security Program that communicates the HIPAA Privacy and Security regulations to associates and administers them across business processes throughout the organization.
The HIPAA Security Program is designed to:
- Adapt and implement HIPAA Privacy and Security regulations to all areas of the organization
- Protect the confidentiality, integrity and availability of electronic PHI
- Use administrative, physical and technical safeguards to address reasonably anticipated threats and hazards to PHI
Compliance Mandates
There are many forms of compliance. In addition to privacy and security, Experian Healthcare’s products and consultative services are required to meet many industry compliance guidelines set forth by CMS, HHS and HIPAA. These guidelines often require changes to Experian Healthcare’s products, and those changes can depend on the compliance of the other healthcare trading partners and entities with which data is managed, exchanged and stored. By working in coordination with clients, vendors and trading partners, Experian Healthcare continually prepares to meet compliance mandates within the expected time frames and to ensure successful outcomes. An internal compliance task force watches industry news, monitors proposed changes, prepares products and services, and communicates with clients as necessary, so Experian Healthcare maintains a year-round focus on compliance initiatives and industry changes.
A list of current compliance projects will be available here for reference, and any questions related to upcoming industry changes should be directed to our compliance task force at ctfinfo@experian.com.
Upcoming Compliance Mandates
ICD-10 — Deadline October 1, 2014
What is ICD-10?
In 2008, the Department of Health and Human Services (HHS) announced a proposed regulation that would replace the ICD-9 diagnosis code sets with the greatly expanded ICD-10-CM (diagnosis) and ICD-10-PCS (hospital procedure) code sets.
What to Expect: Experian Healthcare implemented acceptance of ICD-10 codes in applications that contain diagnosis coding in mid-2011 and will continue to incorporate additional ICD-10 enhancements where applicable through 2012. Although the conversion of codes to ICD-10 depends on the client’s hospital information system or practice management system, plans for assisting clients with the ICD-10 transition will be ongoing.
To learn more about this regulation, please visit CMS at www.cms.gov/home/regsguidance.asp.
All ICD-10 vendor surveys can be submitted to ctfinfo@experian.com.
For additional questions regarding our commitment to privacy, security and compliance, please contact susan.hanson@experian.com.
5010 — Deadline is Jan. 1, 2012, with adoption extension to June 30, 2012
What is HIPAA 5010?
In January 2009, HHS announced a final rule that replaces the current version of the electronic transaction standards (4010) with version 5010 for all electronic claim, remittance and eligibility transactions. All transactions must be transmitted in compliance with the standards set forth by HIPAA by the final compliance date of Jan. 1, 2012. In November 2011, the compliance deadline for providers was extended to March 31, 2012, and it has since been extended again to June 30, 2012.
What to Expect: Experian Healthcare has implemented the 5010 transaction standard as applicable to transaction-based products and services. To learn more about this regulation, please visit CMS at
