Experian Health maintains multiple accreditations that validate our ability to securely manage patient data and other healthcare transactions.
PCI compliance & accreditations
Payment Card Industry Data Security Standard (PCI DSS)
Experian Health has met the requirements of the Payment Card Industry Data Security Standard (PCI DSS) as a Level One Service Provider. Among many requirements, this process includes ongoing third-party security audits, penetration testing, thorough policies and procedures, and rigorous software testing standards. This certification is specific to our financial product suite.
SOC2 Type II Report
Experian Health contracts with a third party to perform a SOC2 Type II audit annually. This report can be provided to customers or business partners upon request, assuming that an NDA is in place. SOC2 criteria include security, availability, processing integrity, and confidentiality or privacy.
Electronic Healthcare Network Accreditation Commission (EHNAC)
Experian Health has been accredited by the Electronic Healthcare Network Accreditation Commission (EHNAC) as a clearinghouse (EHNAC-HNAP). The up-to-date status of our accreditation can be found on the EHNAC website, listed under the Passport Health Communications brand, via the following link: https://www.ehnac.org/accreditation-full/#
Core Certification Phase 1 & 2
Experian Health has obtained the Core Certification Phase 1 & 2 Endorsement as a Clearing House entity.
Experian Health directly conducts virtually all data processing activities to provide our services. However, we may engage some third-party suppliers to provide services related to our services, including customer and technical support. Prior to onboarding third-party suppliers, Experian Health conducts an assessment of their security and privacy practices to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once we’ve assessed risks, the supplier is required to enter into appropriate security, confidentiality, and privacy contract terms.
Our customers have varying regulatory compliance needs. Our clients operate across regulated industries, including finance, pharmaceutical and manufacturing.
We welcome the opportunity to provide you with more details.