Experian Health has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Experian Health in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.
Experian Health has met the requirements of the Payment Card Industry Data Security Standard (PCI DSS) as a Level One Service Provider. Among many requirements, this process includes ongoing third-party security audits, penetration testing, thorough policies and procedures, and rigorous software testing standards. This certification is specific to our financial product suite.
Experian Health contracts with a third party to perform an annual SOC 2 Type II audit. This report can be provided to customers or business partners upon request, assuming that a non-disclosure agreement is in place. SOC 2 criteria include security, availability, processing integrity, and confidentiality or privacy.
Experian Health has been accredited by the Electronic Healthcare Network Accreditation Commission (EHNAC) as a clearinghouse (EHNAC-HNAP). The up-to-date status of our accreditation can be found on the EHNAC website at www.ehnac.org/accreditation-full/
Experian Health has obtained the Core Certification Phase 1 & 2 Endorsement as a Clearing House entity.
Experian Health directly conducts virtually all data processing activities to provide our services. However, we may engage some third-party suppliers to provide services related to our services, including customer and technical support. Prior to onboarding third-party suppliers, Experian Health conducts an assessment of their security and privacy practices to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once we’ve assessed risks, the supplier is required to enter into appropriate security, confidentiality, and privacy contract terms.
Our customers have varying regulatory compliance needs. Our clients operate across regulated industries, including finance, pharmaceutical and manufacturing.