Compliance

Full implementation of the Appropriate Use Criteria program has been indefinitely delayed, giving providers more time to prepare. The Centers for Medicare and Medicaid (CMS) introduced the consultation mandate to ensure that advanced diagnostic imaging services would be provided to Medicare beneficiaries only where medically necessary. Originally slated to commence in January 2022, the penalty phase had already been pushed back until January 1, 2023, at the earliest, due to logistical challenges and concerns about the administrative burden on providers. While penalties for non-compliance won’t kick in just yet, claims submitted before full implementation could still be subject to denial. Providers should take advantage of the extended educational and operations testing period to stress-test their pre-claims infrastructure for any Medicare claims that would fall under the program or that require other forms of pre-authorization. This means implementing alerts to comply with the Appropriate Use Criteria program and prior authorizations requirements To support providers to manage these changes, Experian Health’s Prior Authorizations solution now includes informational alerts for Medicare plans where a patient order needs to comply with AUC or requires prior authorization. Recap: what the Appropriate Use Criteria program means for providers The AUC program requires providers to consult a Clinical Decision Support Mechanism (CDSM) any time they want to order specific advanced diagnostic imaging services for certain Medicare outpatients. The CDSM online portal will check the patient’s record to confirm whether AUC requirements apply. The ordering physician must pass on this information to the imaging services provider. Any physicians whose ordering patterns are considered outliers will need to seek prior authorization. The process for this hasn’t yet been determined. To secure reimbursement for diagnostic imaging services, imaging service providers will need to have the appropriate certificate of compliance. This means that while the administrative responsibility lies with the ordering provider, the financial consequences of non-compliance sit with the service provider. That may or may not be the same facility. Clear communication, robust records management and interoperable data will be essential to avoid claim denials. Pitfalls of manual prior authorizations and pre-claim reviews Many healthcare providers still rely on manual paperwork for prior authorizations and pre-claim reviews. However, these processes are inefficient and prone to error, especially as claims increase in volume and complexity. The Council for Affordable Quality Healthcare (CAQH) estimates that manual status inquiries take up to 30 minutes each, with automated alternatives reducing this by up to a third. The financial impact is compounded by staff time wasted on unnecessary rework, non-compliance penalties and denied claims. Automated compliance checks can help ensure that no pre-claim requirements are missed. With tools such as Experian Health’s online prior authorizations solution, claims are more likely to be complete and compliant, denials will be less likely, and staff will be able to work more efficiently than if they attempt the process manually. This online service automates prior authorization inquiries with auto-filled payer data, only prompting users when their involvement is needed. Inquiries take place behind the scenes, using dynamically updated knowledgebase stores. Now, the knowledgebase will facilitate quick checks to see if a procedure also requires AUC adherence and alert users accordingly. Enhanced automated pre-claim checks for cleaner claims the first time The new informational alerts are the latest enhancement to Experian Health’s pre-claim management solutions to help providers stay compliant. Earlier in 2022, the Medical Necessity application was adapted to include informational alerts when a procedure needs AUC adherence or prior authorization for Medicare patients. Medical Necessity prevents denials and fines by automatically validating medical necessity checks for Medicare claims. Beyond requirement checks for Appropriate Use Criteria and prior authorizations, automation can also be used to improve other aspects of claims management increase claim accuracy and avoid denials. For example, Claim Scrubber reviews each claim line-by-line, verifying that the claim is coded correctly before it’s submitted to the clearinghouse or payer. Claim Scrubber generates general and payer-specific edits, which now also include AUC adherence checks. Users receive alerts with detailed explanations of why a claim was flagged, so modifications can be made before the claim is submitted. These tools integrate seamlessly with electronic medical record systems so claims and patient orders can be checked against payer rules for medical necessity, frequency, duplication and updated modifiers, and to ensure patient information is current. This also facilitates a more reliable exchange of information between all those involved in the provision and reimbursement of healthcare services. Not only does this promote compliance with Medicare rules and reduce the risk of penalties and denials, but it also promotes better communication between healthcare organizations to deliver high-quality care and a better patient experience. Find out more about how Experian Health’s enhanced pre-authorization solutions support better claims management and help healthcare providers comply with Appropriate Use Criteria and other prior authorizations requirements.

The No Surprises Act, effective Jan. 1, 2022, requires that healthcare providers include a “Good Faith Estimate” that covers all relevant codes and charges. This was established to increase price transparency for patients. For a summary of the No Surprises Act, read our previous blog. In our recent webinar, hosted on December 15, 2021, industry expert Stanley Nachimson, principal of Nachimson Advisors*, answered our audience’s most pressing questions about “Good Faith Estimates.”** To read the FAQs from our first webinar, click here. Experian Health can help your healthcare organization navigate the regulatory landscape  and implement solutions ranging from transparent, patient-friendly estimates to our all-new FREE No Surprises Act (NSA) Payer Alerts Portal.  Here’s what Nachimson had to say: Q1: What are the top things to do now to prepare for the No Surprises Act by Jan. 1? SN: Set up processes to avoid out-of-network billing for emergency and in-network facility services Out-of-network providers need to make sure they have the right processes set up to avoid surprise billing patients. Evaluate in-and-out of network status for all providers Implement Good Faith Estimate for Uninsured/Self Pay from a single provider Make sure to have a process in place for self-pay or uninsured patients Prepare patient notice documents Train staff and ensure they’re aware of new rules and changes Q2: What must be included in the Good Faith Estimate starting 1/1/22? SN: Starting Jan 1, 2022, the only Good Faith Estimates required are for “self-pay” or uninsured patients. These are the only ones that will be enforced/mandated on January 1st. CMS has created forms that show what GFEs should include. This includes individual services that will be provided in an encounter, line-item descriptions of services, procedure codes, diagnosis codes, and more. Estimates should be within $400 of the final bill for any provider or facility that was included, assuming there are no extenuating circumstances. Q3: How should providers deliver the Good Faith Estimate to the patient? Payers? SN: For patients, Good Faith Estimates should be delivered in a written document. This can be done through email, USPS, or delivered in person. Currently, providers do not need to worry about sending anything to payers. Regulators put this requirement on indefinite hold until they have more clarity on the technical delivery/transition of this data. CMS expects to provide a ruling clarification on this in 2022. Experian Health is now offering a FREE comprehensive, updated list of No Surprises Act (NSA) payer policy alerts for United States hospitals, medical groups, and specialty healthcare service organizations. Q4: What are the differences between Insured & Self-Pay Good Faith Estimates that providers should consider starting Jan. 1? SN: There will probably be no significant difference in the GFEs for self-pay vs insured individuals. However, the GFEs will be sent to health plans for the insured individuals. At this point, there is no standard electronic delivery method. Individual providers/organizations may come up with their own paper or electronic form, assuming it contains all the required information. At some point in the future, the GFEs will be sent to health plans for insured patients, and that will most likely be a standard transaction. CMS is currently waiting on guidelines for what this transaction will look like. Q5: How does an estimate get calculated when there are multiple providers involved? Who is the “convening provider?” SN: A convening provider is the provider that (1) is responsible for scheduling the primary item or service(defined as “the initial reason for the visit”), or (2) receives a request from an individual shopping for an item or service)—must determine at the time an item or service is scheduled or when a patient is shopping for care whether the patient is a self-pay patient, as defined above. This will not be enforced on Jan. 1, 2022. In 2022, each provider will be expected to provide the GFE for their own services. Because there aren’t any processes in place, the healthcare industry will have at least 1 year to develop a standard guideline for gathering this information. The requirement that the convening provider combines all provider GFEs into one GFE will not be enforced until 2023.This means that over the course of 2022, the convening provider will not be required to include estimates from other providers.  The industry will need to create a standard guideline and establish communication processes first. Until then, patients will need to ask every provider involved for a Good Faith Estimate.  Providers may wish to consider how they will accomplish this during 2022. Q6: Does the Good Faith Estimate apply to all services – even office visits? Labs? Urgent care? Drop-ins? SN: It applies to all types of services. However, depending on when the service is scheduled, the timeframe will vary on when the Good Faith Estimate can be sent out. Q7: If the actual charges are more than $400 greater than the Good Faith Estimate, what consequences will be there for providers starting Jan. 1? SN: The latest rule established an independent dispute resolution process.  The patient must initiate the process within 120 days of receiving the bill, file the required documentation and pay a $25 administrative fee. Webinar Series: Unpacking The No Surprises Act and Q&A with an expert Industry expert Stanley Nachimson, Health IT Implementation Expert, recently hosted a series of webinars to help providers get up to speed on what they need to do to comply with the No Surprises Act. Learn about the Good Faith Estimate, how NSA will apply in different care settings, and more. *Stanley Nachimson is not an employee or representative of Experian Health. **The scope and details of the No Surprises Act are evolving. The information provided here is up to date as of December 23, 2021. This content is intended for information and education purposes only.  Experian Health cannot and does not provide legal and compliance guidance.  It is recommended that all organizations review the regulation thoroughly and seek appropriate legal and compliance guidance to determine an appropriate strategy for compliance. Experian Health offers solutions across the healthcare journey – including patient engagement, revenue cycle management, identity management, care management and analytics – that may contribute to meeting compliance requirements.  

Healthcare data breaches are nothing new, but their size and frequency are increasing: CVS Health lost over a billion search records when a third party accidentally made an online database publicly accessible in March 2021. A ransomware data breach at prescription management vendor CaptureRx affected over a million patients at 17 healthcare providers in February 2021. More than 3.47 million individuals and at least 10 healthcare organizations were affected by a massive data breach at file transfer company Accellion, which spanned multiple global industries in December 2020.   Further illustrating the risks to healthcare organizations, Scripps Health in San Diego was hit with two class-action lawsuits that assert that the organization should have done more to protect patient data. If upheld, it will set a precedent for healthcare organizations to be held legally responsible for failing to protect data – to the tune of $1000 per patient. The direct monetary cost of fines and lawsuits, however, may ultimately be a secondary concern as damaged reputation is often a more difficult setback to overcome. Patients increasingly approach healthcare as “consumers” and a breach – or a poorly managed breach situation – might prompt them to look elsewhere for care. “Incidents happen every day. However, the real threat lies in how quickly and efficiently an organization can respond. This is what customers will remember. You need to be able to make prompt updates to your website, scale up call center capacity, and have answers ready when consumers need them.” The growing frequency and scale of health information breaches means it’s no longer sufficient to say, “we’re careful with our health data – this won’t happen to us.” Medical identities are extremely valuable, which makes them an attractive target to cybercriminals. In addition, the sudden increase in virtual care and remote working during the pandemic has created new vulnerabilities in data security.   A recent FBI alert that a major ransomware group is targeting the healthcare sector with phishing attacks is a cl reminder that healthcare organizations can’t relax when it comes to cybersecurity. It’s a case of “when, not if” a healthcare organization will have to deal with a breach. Prevention is the goal, but preparation is the smart strategy.   Shifting from data breach prevention to preparedness   During the pandemic, the volume of data being shared within and between healthcare organizations sky-rocketed, as providers offered more virtual care services and workforces became more distributed. While these innovations meant access to healthcare and work could continue safely, the shift to cloud-based data sharing and storage, means the data perimeter is much broader and tougher to secure – if there remains a perimeter at all. Data must be secured at the device- and employee-level now.   While prevention is better than cure, the hard truth for healthcare cybersecurity teams is that they’re increasingly likely to have to deal with a breach. Unfortunately, many organizations don’t have the technology, resources, or time to prevent breaches all the time, at every access point.   Chris Wild, vice president at Experian Health, says:   “We’re seeing an increased frequency of cyber threats across the whole industry. Hardly a week goes by that we don’t hear of a health system under attack from hackers or ransomware. The statistics show us there’s a health data breach nearly every single day, so it’s just a matter of time before it impacts any one provider, pharmacy, payer or physician group.”   Instead of focusing solely on prevention, healthcare organizations need a strategy to prepare for what happens when a breach occurs. If they don’t, they risk a long, public struggle to contain the breach, resulting in brand damage, patient loss, and financial consequences in the form of fines and lost revenue.   Building a data breach response plan   Recovering from a data breach requires a speedy and thorough response. With a plan in place, action can be taken as soon as the dreaded call comes in. Knowing exactly what needs to be done to meet HIPAA notification requirements, helps reassure consumers and regulators alike that every effort is being made to contain the breach. Not only will this help minimize fines, but it will also mitigate against the reputational damage caused by the security breach.   A breach is bad enough but compounding the negative impact of exposed data by failing to provide sufficient support to worried consumers is even worse. Wild says: “Incidents happen every day. However, the real threat lies in how quickly and efficiently an organization can respond. This is what customers will remember. You need to be able to make prompt updates to your website, scale up call center capacity, and have answers ready when consumers need them.”   A robust response plan calls for C-suite engagement, clear success metrics, and regular pressure-testing. Above all, it must be flexible to adapt to whatever size and type of breach occurs.   The best support for the worst-case scenario A data breach response plan isn’t going to prevent the breach itself, but it can help a healthcare organization take the right steps in the aftermath. Having serviced thousands of data breaches over the last 17 years, Experian Health’s Reserved Response™ program is based on real world experience and has evolved as the threats and consequences have increased. In a recent survey, clients using Reserved Response reported 15% fewer data security incidents than those who did not. Furthermore, any incidents that did occur tended to be smaller in scale.   Because the risk and impact of data breaches is trending upwards, this year Experian Health has introduced a new Reserved Response Hub. This digital, self-service tool helps to prepare and test a data breach plan, including: the new and improved 2021 Data Breach Response Guide downloadable readiness reading materials tried and tested notification templates a pre-breach incident checklist access to Experian’s full Reserved Response service, which provides support before or after a breach to ensure regulatory compliance and support for those impacted.   Reserved Response can help healthcare organizations put together a data breach preparedness plan in as little as three days.  

The pandemic dominated healthcare in 2020, but it won’t be recognized as a reason to delay complying with CMS’ price transparency mandate, which went into effect on Jan. 1, 2021. A recent study conducted by HealthAffairs indicated that 65 of the 100 largest hospitals in America had not complied as of February 2021. And new reports from CMS suggest $300 daily fines will follow if CMS warning letters have no impact, in addition to the possible public exposure of facilities failing to be compliant. There are a number of reasons why price transparency has generated so much attention – both before and during the COVID pandemic. Consumer advocates point to other transactional experiences, such as auto and home purchases, where understanding the price is complicated, but achieved. There’s been a lot of research on price transparency’s impact on patients, as well; helping consumers understand healthcare billing reduces the stress of their financial experiences. Transparent pricing makes sense in many cases for providers, too. They may benefit from patients being able to plan for the costs of care, which can result in fewer missed payments and write-offs. For these reasons and others, price transparency has been a hot topic for the last few years. The Centers for Medicare and Medicaid Services (CMS) final rule on price transparency became effective on January 1, 2021, requiring hospitals to give patients clear information about their medical costs, including a list of charges for the hospital’s 300 most shoppable services, so patients can make informed decisions. Payers are expected to provide similar pricing information beginning January 1, 2022. The spotlight on healthcare pricing seems unlikely to dim any time soon. What does this mean for providers and payers? Price transparency is here to stay There were legal challenges made against the price transparency final rule, questioning federal authority and invoking constitutional rights violations, but the DC Circuit Court dismissed the claims in December 2020. Arguments against the current mandate are not limited to disputing legal authority, suggesting that government should not interfere with private sector pricing – and that complex pricing information could create the opposite effect of confusing consumers. In fact, many providers and payers voice support for price transparency, but not as put forward by the final rule. Despite this, consumer demand for pricing clarity before delivery of services continues to grow and current government regulation is the most far-reaching attempt so far to remedy this. A few state legislatures are moving forward with their own regulations, which could prompt more local collaborations between providers and payers to clarify out-of-pocket cost estimates. Achieving the level of transparency that CMS and consumer groups hope for will be challenging, but attempts to find common ground are growing. What will price transparency look like under the Biden Administration? Since President Biden entered the White House, the trend towards transparent pricing has continued. Provider compliance has been slow – many pointing to 12 months of battling COVID as the primary reason – prompting legislative pressure to step up audits and penalties. CMS has already started issuing noncompliance warning letters and, while it may modify the ruling under a new administration, there’s no sign of any plans to reverse the policy. Consumer action groups have voiced concerns that the regulation falls short, citing the difficulty a consumer may have trying to find pricing at provider web sites. Other consumers are limited to payer-negotiated rates and have little choice but to stick with their current providers. Making information available is likely an early step toward what price transparency will ultimately look like, but making that information easy to find, understand and act on is what consumers value – and what many providers and payers say they want to provide in a more customized, less one-size-fits-all application. A marketing strategy for price transparency As patients bear more responsibility for healthcare costs, they’ve come to expect a consumer experience that affords them greater control and choice. A Pioneer Institute study found that 70% of healthcare consumers want to see pricing information before undergoing a medical procedure. Actively communicating a commitment to price transparency can be a powerful marketing strategy to attract and retain loyal consumers. Not surprisingly, this messaging resonates more with user-friendly tools to guide patients through their financial journey and make sense of charges. Many providers believe they’re complying with the final rule but may actually be vulnerable to penalties because their pricing files are in user-unfriendly formats. A web-based pricing tool can help solve for this by offering patients accurate estimates and recommended payment plans before or at the point of service. Similarly, a text-to-mobile tool, such as Patient Financial Advisor, can send automated text messages to patients with personalized estimates and bills. Keeping an eye on healthcare price transparency More tools are now available to help patients make sense of their billing and it’s becoming easier for providers and payers to create a patient financial experience that’s supportive from the start. Not only will this help patients understand their cost of care (and with that understanding likely comes better collections performance), it’ll help reduce the risk of uncompensated care ¬– and avoid penalties as the final rule takes root. The Biden Administration’s focus on consumer-friendly healthcare services will likely keep price transparency at the forefront. What that looks like over the next few years depends on regulatory and market forces, but providers and payers alike will benefit from offering solutions that make sense for their organizations and patient populations. Find out how Experian Health’s price transparency tools could help your organization with the transition.

Will handshakes become a thing of the past? Will face masks become a regular feature of flu season? Will home-working remain popular, even after workplaces re-open? COVID-19 forced some abrupt behavior changes that challenged existing cultural norms, but as the pandemic subsides, how many of these adaptations will survive?   For healthcare executives, the return to on-site medical visits raises similar questions. Healthcare consumers were already expressing an appetite for more convenience and control, and the pandemic accelerated the use of digital solutions for everything from patient access to telehealth. Being able to book appointments, complete pre-registration forms and make payments online is the new baseline.   As patient volumes start to increase, hospitals and physician groups shouldn’t take their foot off the gas with digitalization, particularly in patient intake, which doesn’t have to involve in-person contact. There’s an opportunity now to learn from what’s worked well over the last year and cement the pandemic’s digital legacy.   What does the new normal look like in patient intake? Getting back to basics with convenience and compassion Once crisis mode has passed, providers can refocus their efforts on the building blocks of an optimal health service: high quality care and a convenient and compassionate patient experience. After the uncertainty and loss of control over the last year, patients want autonomy and choice. Initiating a smooth patient journey through online pre-registration, patient portals, virtual waiting rooms and digital scheduling can contribute to this.   Many will be happy to say goodbye to piles of paper forms and long waits in the waiting room. But any digital strategy must also support those with limited access to devices and broadband or limited digital literacy. Liz Serie, Director of Product Management at Experian Health, says:   “The goal is to give patients the same exceptional experience and care, regardless of when or how they complete patient intake. Using the same tools that we know our patients are already comfortable with will help to ensure an inclusive approach.”   Digital technology can support a multichannel approach, for example, using automated dialers to make phone calls where mobile apps aren’t an option, or using patient data to segment individuals according to contact preferences. Re-engaging hesitant patients The CDC reported in September 2020 that around 40% of adults delayed care due to the pandemic. While more recent data suggests fewer patients are deferring care, some experts worry that patient volumes won’t return to normal until 2022. How can providers ease the return to care?   Online health portals were helpful in keeping people out of facilities during the pandemic – can they now serve a different purpose in reminding patients to come in for check-ups?   Patients will need clear information about what protocols to follow during patient intake and what to expect from virtual waiting rooms, as well as reassurance that the experience will be safe. Streamlining patient access with accurate data Unlocking the digital front door made logistical sense during the pandemic. It’s even more critical as patient volumes drive back up. Providers will want to review their protocols to be sure that speedy implementation has not left that door open to costly data errors. Is the right information being collected at the right time?   Consumers are looking for flexible and accurate appointment slots for self-scheduling, and they want their financial ducks in a row as soon as possible with quick authorizations and coverage checks. Getting data right first time makes for a smoother patient experience, more efficient staff workflows and fewer claim denials down the line. Preparing for an uncertain future Looking ahead, patient intake protocols will need to be flexible enough to adapt to changing patient needs, particularly if there are further waves of the pandemic. Digital solutions can help providers prepare for the unexpected and shift from a reactive response in a crisis to a proactive step towards the future.   For many providers, future-proofing the patient intake experience is also an important remedy to the financial losses suffered during the pandemic. Digital solutions built on accurate data, consumer needs, accessible information can protect against further revenue loss by giving patients reliable ways to access and pay for care, no matter what the future holds.   Medicine is built on in-person care, but we don’t need to be face-to-face to fill out forms. Patient intake is one area where “the old way” doesn’t have to return. Find out more about how your organization can build on the pandemic’s digital legacy and create a leading patient intake experience.

As every healthcare executive knows, a healthy revenue cycle relies on precise paperwork. That’s why all Medicare providers should be paying close attention to the revised medical necessity form, which will be mandatory starting January 1, 2021. Failure to use the new Advance Beneficiary Notice of Non-coverage (ABN) form could lead to denied claims, financial penalties and a subpar patient experience. We interviewed Theresa Marshall, senior director of data compliance at Experian Health, about what’s changed and what providers can do to prepare. What is a medical necessity form? Medicare only pays for services and procedures considered “medically necessary.” In situations where a procedure isn’t considered medically necessary, providers must issue the patient with an ABN which ultimately transfers financial responsibility to the patient. Services that could be considered medically unnecessary might include treatment in hospital that could have been provided in a lower-cost setting, screening or therapies that are unrelated to the patient’s symptoms, or hospital stays that exceed a specified length of time. Perhaps a patient is receiving support with personal care from a home health agency – this may not be strictly medically necessary, so the provider might anticipate that it won’t be covered by Medicare. An ABN isn’t required for services that are never covered by Medicare, such as dental care or cosmetic surgery. What’s changed on the new medical necessity form? The new form, CMS-R-131, replaces the version released by CMS in June 2017. The main change is the addition of new instructions for Dual Eligible beneficiaries. These are patients who are eligible for both Medicare and Medicaid, and most likely enrolled in the Qualified Medicare Beneficiary Program (QMB), which means Medicaid pays for any Medicare-covered services. Providers must not levy any charges against QMB patients, or they’ll face sanctions. The new instructions specify that in addition to edits that strike through specific language, “dually eligible beneficiaries must be instructed to check Option Box 1 on the ABN for a claim to be submitted for Medicare adjudication.” How should providers prepare? Should they chose, providers can start using the new form now. The important thing to remember is that they must have the new form in place by the new year. Any outdated forms after the first of the year will be invalid. Many providers are still using manual processes which require checking medical necessity rules for both Medicare and commercial payers via the CMS website, then calculating and preparing the required paperwork themselves. This can be time-consuming and vulnerable to errors, which also results in denied claims and extra days in accounts receivable (A/R) – not to mention the extra stress it causes for patients. A time-saving alternative is an automated tool such as Experian Health’s Medical Necessity. With automation, you can validate clinical orders against payer rules quickly and accurately, for cleaner claims the first time around. Medical Necessity integrates seamlessly with multiple electronic medical records (EMR), scheduling and registration systems, to run automatic checks for medical necessity, frequency and duplication. With up to half of denied claims occurring early in the revenue cycle, any actions to minimize errors and delays during registration could bring big financial benefits. Medical Necessity from Experian Health will include an automatic check of a Medicare beneficiary’s QMB status ahead of the January 2021 deadline, so the electronic ABN can be updated immediately, ready for the patient’s signature. Could this improve the patient experience? Yes, definitely. In addition to reducing manual processes, preventing denied claims and protecting against lost revenue and financial sanctions, automating medical necessity checks also creates a much less stressful experience for patients. For individuals who are financially vulnerable, any lack of clarity about their medical bills can be a huge source of worry. But when providers can quickly identify patients who shouldn’t be charged, the billing experience is a much smoother ride. Medical Necessity is just one of the many ways that Experian is working to reduce the burden on hospital resources, improve patient experiences, and ensure that hospitals are fully compensated for the care they provide. Find out how we can help your organization get your paperwork in order in time for the new ABN requirements in January 2021, so you can offer a better patient experience and reduce claim denials at the same time.

Experian Health received full accreditation with the Healthcare Network Accreditation Program (HNAP) as a clearinghouse from the Electronic Healthcare Network Accreditation Commission (EHNAC). EHNAC’s HNAP accreditation recognizes Experian Health’s excellence in health data processing and transactions, and ensures compliance with industry-established standards and HIPAA regulations. Through EHNAC’s comprehensive third-party review, Experian Health was evaluated in areas of privacy measures, systems availability and security infrastructure. In addition, EHNAC reviewed the organization’s process of managing and transferring protected health information and determined that the organization meets or exceeds all EHNAC criteria and industry standards. Through completion of the rigorous accreditation process, the organization demonstrates to its constituents, adherence to strict standards and participation in the comprehensive, objective evaluation of its business. “At a time when regulatory concerns are keeping healthcare leadership awake at night, a company’s decision to take the necessary steps to ensure trust within its stakeholders and customers that they’re adhering to the latest standards in privacy, security and confidentiality is an important accomplishment,” said Lee Barrett, executive director of EHNAC. “Attaining EHNAC HNAP accreditation requires companies demonstrate full commitment to ensuring the security and privacy of health data processing and transactions for their customers and provides a ‘seal of approval’ indicating Experian Health exceeds industry-established standards and complies with HIPAA regulations.” Please click here to learn more about Experian Health’s industry leading solutions.

Experian Health, the healthcare industry leader for automating, integrating and transforming the front and back end revenue cycle management process, is committed to securely managing patient data and other healthcare transactions. To that end, Experian Health today announced that its applications* have earned HITRUST CSF® Certified status for information security to manage risk, improve security posture and meet compliance requirements. HITRUST CSF Certified status demonstrates that Experian Health has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Experian Health in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. “The HITRUST CSF has become the information protection framework for the health care industry, and the CSF Assurance program is bringing a new level of effectiveness and efficiency to third-party assurance,” said Ken Vander Wal, Chief Compliance Officer, HITRUST. “The HITRUST CSF Certification is now the benchmark that organizations required to safeguard PHI are measured against with regards to information protection.” Please click here to learn more about Experian Health’s industry leading solutions. *The following Experian Health applications have earned Certified status for information security by HITRUST: Eligibility Clearinghouse (NOA, TN and MPV), Claims, Coverage Discovery, Coordination Of Benefits (COB), Clinical Data Clearinghouse, Premium EDI, eCareNext, OneSource, ClaimSource, Patient Self-Service, BatchSource, Care Coordination, Search America, MPV portal (mediconnect.com)  

To help our clients keep up with regulatory changes, Experian Health will provide quarterly legislation updates: Q1 2018 updates  North Carolina Data Breach Legislation In North Carolina legislation has been proposed that would require notice to be made within 15 calendar days of discovery of a data breach. If passed, North Carolina will have one of the most onerous breach notification laws in the country. For comparison, California’s notice requirement is 15 business days. North Carolina’s current statute requires notice without “unreasonable delay.” Alabama Data Breach Legislation On March 21 South Dakota’s data breach notification bill was signed into law, leaving Alabama as the only state without a data breach notification law. However, Alabama is working to change that. On March 1 the Alabama Senate unanimously voted to pass the bill containing the Alabama Data Breach Notification Act, sending it on to the Alabama House. (The House subsequently amended it and returned it to the Senate for concurrence.) The Act would require notification of affected individuals within 45 days of determination that (a) a breach has occurred and (b) the breach is reasonably likely to cause substantial harm. There would be no private right of action, but the Alabama Attorney General would be able to fine companies that fail to notify up to $5,000 per day.