Privacy, Security and Compliance

Experian Health is highly sensitive to the many privacy issues surrounding consumer information. Among other things, Experian Health does the following:

  • All data is transmitted via encrypted Web servers
  • All users are required to have a business need (permissible purpose) to access the services
  • All clients are screened to ensure appropriate use practices and are granted access only to the appropriate level of information

Experian Health has established procedures to comply with the following regulations:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Fair Credit Reporting Act (FCRA)

HIPAA Privacy and Compliance

Experian Health has a commitment to provide secure and reliable services to clients and is diligent about compliance to the HIPAA Privacy and Security regulations. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a broad federal law enacted by Congress, in part to help protect patient privacy. The part of the law that deals with privacy is intended to do the following:

  • Set limits on the use and disclosure of health information
  • Establish safeguards that hospitals, physicians, health plans and clearing-houses (“covered entities”) and their business associates must have in place to protect the privacy of health information
  • Hold violators accountable with civil and criminal penalties if they violate a patient’s privacy rights

As a trusted business associate with a variety of covered entities, Experian Health has implemented many safeguards, including a corporate HIPAA Security Program to effectively communicate and administer the HIPAA Privacy and Security regulations internally to associates and with business processes throughout the organization.

The HIPAA Privacy and Security Program is designed to:

  • Adapt and implement HIPAA Privacy and Security regulations to all areas of the organization
  • Protect the confidentiality, integrity and availability of electronic PHI
  • Use administrative, physical and technical safeguards to address reasonably anticipated threats and hazards to PHI
  • Educate and train all employees on the program and guidelines around Protected Health Information (PHI)

With the Final Omnibus Rule that was finalized in September of 2014, Experian Health implemented the requirements of this ruling in the form of risk assessments, updated breach notification policies and process, Business Associate responsibilities and requirements and regular HIPAA training. If you have any questions related to these changes or how Experian Health can assist you in this regard, please contact Susan Hanson, Compliance and Privacy Officer, at susan.hanson@experian.com.

To learn more about this regulation, please visit: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html and http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html

The Gramm-Leach-Bliley Act (GLBA)

Concerns about an increasing misuse of existing consumer information prompted Congress to enact the Gramm-Leach-Bliley Act (GLBA) in 2001. The GLBA governs the disclosure of consumer information by financial institutions by:

  • Deterring unsolicited marketing activities
  • Protecting consumer information from identity theft
  • Requiring institutions to notify consumers of their information-sharing practices
  • Prohibiting the sharing of consumer information without a consumer’s knowledge or consent

Under the GLBA, Experian Health is considered a financial institution. As such, Experian Health has a responsibility to maintain the privacy and security of the consumer information in its care. For more information on GLBA, please visit: https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act.

The Fair Credit Reporting Act (FCRA)

The Fair Credit Reporting Act (FCRA) regulates businesses that provide and use consumer reports. Anyone who uses information in a consumer report is a “user” of consumer reports. Experian Health has products that use this data, and clients should understand that this regulation applies to those tools.

For more information on this regulation, please visit: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/fair-credit-reporting-act.

Upcoming Compliance Mandates

ICD-10 — Deadline October 1, 2015

What is ICD-10?

The Department of Health and Human Services (HHS) announced in 2008 a proposed regulation that would replace the ICD-9 diagnosis code sets with the greatly expanded ICD-10-CM (diagnosis) and ICD-10-PCS (hospital procedure) code sets.

What to Expect

Experian Health implemented the acceptance of ICD-10 within applications that contain diagnosis coding in mid-2011. Although ICD-10 conversion coding is based upon the client hospital information system (HIS) or practice management system (PMS), plans related to assisting clients with the ICD-10 transition will be ongoing. Clients should make Experian Health aware of any changes to HIS or PMS systems related to ICD-10 data elements, as we will want to coordinate with your vendor changes to ensure connections or transfers of data are not interrupted.

Client communication related to this effort is available and we want to ensure that you have everything you need to be successful when these changes arise. Please contact support or the Privacy and Compliance Officer (as listed below) if you have any questions about these changes.

To learn more about this regulation, please visit CMS at www.cms.gov/home/regsguidance.asp.

All ICD-10 vendor surveys can be submitted to the individual listed below:

Susan M. Hanson

Compliance and Privacy Officer

Email: susan.hanson@experian.com

Phone: (763) 416-1010

Please contact this individual for all questions related to privacy, security and compliance.

Experian and the Experian marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.