µç³µÎÞÂë

Accreditations & Certifications

The U.S. healthcare industry is regulated under mandates established by the U.S. Department of Health & Human Services (HHS) and Office of Civil Rights (OCR) resulting principally from the Health Insurance Portability and Accountability Act (HIPAA) and administrative simplification provisions of the Affordable Care Act (ACA) and other regulating entities and mandates.

To demonstrate our continued commitment to assure that applicable µç³µÎÞÂë products and services meet industry and regulatory requirements and expectations, we maintain the following industry recognized and trusted accreditations and certifications:

American Institute of Certified Public Accountants (AICPA) SOC 2®

µç³µÎÞÂë participates in the for its enterprise infrastructure and µç³µÎÞÂë Platform. The audit is based on the Trust Services Criteria (TSC) relevant to security and includes hosting services, end-user and internal support services, infrastructure, and physical and environmental controls. The scope of the audit includes both on-premises data centers and the intelligent cloud platform operating in the AWS, Azure, and Google Cloud environments.

The annual SOC 2 type 2 audit results in a formal audit report produced by a licensed accounting firm as mandated by the AICPA. SOC 2 reporting is an examination of controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. µç³µÎÞÂë's SOC 2 report details objectives the leadership team has established for enterprise infrastructure and µç³µÎÞÂë Platform systems.

The SOC 2 examination results in an opinion by considering the effect of any identified control deficiencies on a service organization's ability to meet its service commitments and system requirements based on the applicable trust services criteria.

CAQH CORE

CAQH certifies and awards CORE Certification Seals to entities that create, transmit or use the administrative transactions addressed by applicable Operating Rules. CORE Certification means an entity has demonstrated that its IT system or product is operating in conformance with a specific phase(s) of the Operating Rules.

µç³µÎÞÂë is CAQH CORE certified for the federally mandated operating rules supporting the Eligibility & Benefits, Claim Status, and Payment & Remittance transactions demonstrating that our associated IT systems and products are operating in conformance with effective standards and operating rules.

The CAQH link to our certification status can be found at within the Clearinghouses and Vendors tabs.

Additional information regarding the Operating Rules for HIPAA transactions can be found on the µç³µÎÞÂë website.


EHNAC HNAP-EHN

µç³µÎÞÂë is EHNAC HNAP-EHN and ePAP-EHN .

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a federally recognized standards development organization and tax-exempt, 501(c)(6) non-profit accrediting body designed to improve transactional quality, operational efficiency, and data security in healthcare.

EHNAC indicates the following compliance benefits associated with accreditation:

  • Reduce risk to PHI and operations through the demonstration of a risk management program with effective controls that appropriately minimize threats.
  • Prepare organizations for third party audits including 21st Century Cures Act; HIPAA/HITECH compliance audits that are now being conducted for the Office of Civil Rights (OCR); trading partner audits; and state compliance (EHNAC accreditation is required for processing healthcare transactions in the states of Maryland and New Jersey).
  • Enhance trust for customers, trading partners, and other stakeholders.

EHNAC’s Healthcare Network Accreditation Program (HNAP) Electronic Health Network (EHN) assessment and review covers five main categories of criteria:

  • Privacy and confidentiality criteria include policies for securing PHI, system access controls, role-based user authentication and other related measures.
  • Technical performance criteria include transaction monitoring and processing capacity, response timeliness and accuracy, system availability, use of industry standard data formats and other infrastructure practices.
  • Business practices criteria include policies, procedures, and contract standards to assure truth in advertising, ongoing customer satisfaction measurement, customer service and training, and other related measures.
  • Physical, human, and administrative resources criteria include the organizational ability to sustain levels of service, maintain escalation procedures, and invest in professional development and other capabilities.
  • Security criteria include facility access, disaster recovery, business continuity, organizational safeguards, audit trails and other practices.

EHNAC requires that organizations complete the program every two years to maintain accreditation which includes a detailed criteria-based assessment and EHNAC audit and site reviews. µç³µÎÞÂë has maintained our EHNAC Electronic Health Network accreditation since 2001.

µç³µÎÞÂë Certificates of Accreditation:

HHS Administrative Simplification Optimization Program

As a trusted industry leader and in support of our commitment to compliance, µç³µÎÞÂë volunteered and was selected to participate in the U.S. Department of Health & Human Services (HHS) Administrative Simplification Optimization Program pilot. The program comprises a formal assessment by the National Standards Group (NSG) within the Centers for Medicare & Medicaid Services (CMS), to review compliance with federally mandated transaction standards, code sets, unique identifiers, and operating rules.

µç³µÎÞÂë is one of the first organizations certified by the NSG demonstrating that our Medical, Hospital, and Dental Exchange batch and real-time services and solutions have been reviewed for compliance with the Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification regulations and Affordable Care Act (ACA) Operating Rule provisions.

HHS Optimization Program Certificate


MHCC

µç³µÎÞÂë is a .

The Maryland Health Care Commission is an independent regulatory agency whose mission is to plan for health system needs, promote informed decision-making, increase accountability, and improve access in a rapidly changing health care environment by providing timely and accurate information on availability, cost, and quality of services to policy makers, purchasers, providers and the public.

The Maryland Health Care Commission certifies Electronic Healthcare Networks that meet national standards for security, business processes, technical performance, privacy and confidentiality when transmitting patient health information. As part of the evaluation process, MHCC reviews an EHN’s national accreditation site audit and recommends areas where enhancements would help reduce risks of exposure to data breaches.

Maryland Regulation 10.25.07, Certification of Electronic Health Networks and Medical Care Electronic Claims Clearinghouses, requires third party payers that accept electronic health care transactions originating in Maryland to accept electronic health care transactions only from MHCC certified EHNs. MHCC-EHN certification demonstrates that µç³µÎÞÂë meets a number of national and local standards intended to ensure high quality business operations and the existence of sound privacy and security policies. MHCC certification represents to other networks, payers, and providers that µç³µÎÞÂë meets a reasonable level of quality and technical performance.

MHCC requires that EHNs complete the evaluation process every two years to maintain certification.


NCQA

The (NCQA) is a private, 501(c)(3) not-for-profit organization dedicated to improving health care quality by assessing and reporting on the quality of health-related programs. NCQA certification is a reliable indicator that an organization is well-managed and demonstrates the organization's commitment to meeting and maintaining industry developed quality standards.

NCQA's Healthcare Effectiveness Data and Information Set (HEDIS) Measure Certification is precise, automated testing that verifies compliance with HEDIS Specifications and satisfies the source code review portion of the HEDIS Compliance Audit™. Since its introduction in 1993, HEDIS has evolved to become the gold standard in managed care performance measurement. µç³µÎÞÂë has been providing certified HEDIS reporting solutions since 1997.

  • µç³µÎÞÂë’s Compliance Reporter™ solution has been NCQA HEDIS Measures Certified every year since 2012. Compliance Reporter™ also supports Quality Assurance Reporting Requirements (QARR) measures as required in the state of New York.

NCQA's Physician and Hospital Directories certification validates quality measures for online solutions which help eligible individuals choose physicians and hospitals. µç³µÎÞÂë's Provider Directory solution has been in all measures. µç³µÎÞÂë's Provider Directory solution helps members easily search and compare doctors, specialists, hospitals, imaging centers and more in a user-friendly interface. Combined with our cost transparency solution, Provider Directory empowers members to take a more active role in their health, guiding them to make smarter decisions for healthier outcomes.


PCI Compliance

The following µç³µÎÞÂë solutions are Payment Card Industry Data Security Standard (PCI DSS) certified:

  • SmartPay™ eCashiering
  • SmartPay™ Consumer Pay Online
  • SmartPay™ Consumer Lockbox
  • SmartPay™ Phone Pay

This annual certification verifies that these µç³µÎÞÂë solutions have passed the rigorous standards promulgated by the PCI DSS.

The PCI DSS is a set of security requirements created by an association of credit card brands, including VISA, MasterCard and American Express intended to protect cardholder data (credit card data). The steady increase in electronic payment options available makes it extremely important to protect customers’ personal information. You can learn more about the PCI DSS and the standards it requires at www.pcisecuritystandards.org/security_standards.

µç³µÎÞÂë abides by all applicable PCI DSS requirements under which we secure any and all cardholder data that we store, process or transmit for our customers. This notification is part of the certification process.

Keeping our customers’ information secure is a top priority for µç³µÎÞÂë. We dedicate extensive resources to make sure personal medical and financial information is secure and we strive to build a company culture that reinforces trust at every opportunity.

We appreciate your continued partnership. If you have any questions about the µç³µÎÞÂë PCI Compliance efforts or the measures we’re taking to keep your data safe, please contact your account representative or the Security Compliance Team.
