Accreditations & Certifications

The U.S. healthcare industry is regulated under mandates established by the U.S. Department of Health & Human Services (HSS) and Office of Civil Rights (OCR) resulting principally from the Health Insurance Portability and Accountability Act (HIPAA) and administrative simplification provisions of the Affordable Care Act (ACA) and other regulating entities and mandates.

To demonstrate our continued commitment to assure that applicable Change Healthcare products and services meet industry and regulatory requirements and expectations, we maintain the following industry recognized and trusted accreditations and certifications:

CAQH Core logo
EHNAC HNAP-EHN
EHNAC DTAAP-HISP - Privacy and Security
MHCC
PCI Compliance

CAQH CORE

CAQH

 

CAQH certifies and awards CORE Certification Seals to entities that create, transmit or use the administrative transactions addressed by applicable Operating Rules. CORE Certification means an entity has demonstrated that its IT system or product is operating in conformance with a specific phase(s) of the Operating Rules.

Change Healthcare is CAQH CORE Phase I, II, and III certified demonstrating that our associated IT systems and products are operating in conformance with effective standards and operating rules.

The CAQH link to our certification status can be found at http://www.caqh.org/core/core-certified-organizations-pending-and-current within the Clearinghouses and Vendors tabs.

The press release published on January 13, 2014 announcing our CORE Phase III certification can be found here.

Additional information regarding the Operating Rules for HIPAA transactions can be found on the Change Healthcare HIPAASimplified.com website.


EHNAC HNAP-EHN

EHNAC HNAP-EHN

 

Change Healthcare is EHNAC HNAP-EHN accredited.

 

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a federally-recognized, standards development organization and tax-exempt, 501(c)(6) non-profit accrediting body designed to improve transactional quality, operational efficiency and data security in healthcare.

EHNAC indicates the following compliance benefits associated with accreditation:

  • Confirms HIPAA, ARRA/HITECH, Affordable Healthcare Act, Omnibus Rule and other regulatory compliance requirements
  • Fulfills Maryland and New Jersey state regulatory requirements
  • Identifies privacy, security, confidentiality and business risk exposures and mitigation strategies

EHNAC’s Healthcare Network Accreditation Program (HNAP) Electronic Health Network (EHN) assessment and review covers five main categories of criteria:

  • Privacy and confidentiality criteria include policies for securing PHI, system access controls, role-based user authentication and other related measures.
  • Technical performance criteria include transaction monitoring and processing capacity, response timeliness and accuracy, system availability, use of industry standard data formats and other infrastructure practices.
  • Business practices criteria include policies, procedures and contract standards to assure truth in advertising, ongoing customer satisfaction measurement, customer service and training, and other related measures.
  • Physical, human and administrative resources criteria include the organizational ability to sustain levels of service, maintain escalation procedures, and invest in professional development and other capabilities.
  • Security criteria include facility access, disaster recovery, business continuity, organizational safeguards, audit trails and other practices.

EHNAC requires that organizations complete the program every two years to maintain accreditation which includes a detailed criteria based assessment and EHNAC audit and site reviews. Change Healthcare has maintained our EHNAC Electronic Health Network accreditation since 2001.

Change Healthcare Certificate of Accreditation


EHNAC DTAAP-HISP - Privacy and Security

EHNAC DTAAP-HISP - Privacy and Security

 

Change Healthcare is EHNAC DTAAP-HISP Privacy & Security accredited.

 

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a federally-recognized, standards development organization and tax-exempt, 501(c)(6) non-profit accrediting body designed to improve transactional quality, operational efficiency and data security in healthcare.

EHNAC’s Direct Trusted Agent Accreditation Program (DTAAP) Privacy & Security accreditation validates the mandatory privacy and security requirements as required by the DirectTrust Health Information Service Provider (HISP) accreditation program.

EHNAC/DirectTrust requires that organizations complete the program every two years to maintain accreditation which includes a detailed criteria based assessment and EHNAC audit and site reviews.  Change Healthcare has maintained our EHNAC DTAAP-HISP - Privacy & Security accreditation since 2014.


MHCC

MHCC

 

Change Healthcare is a Maryland Healthcare Commission (MHCC) certified Electronic Health Network (EHN).

 

The Maryland Health Care Commission is an independent regulatory agency whose mission is to plan for health system needs, promote informed decision-making, increase accountability, and improve access in a rapidly changing health care environment by providing timely and accurate information on availability, cost, and quality of services to policy makers, purchasers, providers and the public.

The Maryland Health Care Commission certifies Electronic Healthcare Networks that meet national standards for security, business processes, technical performance, privacy and confidentiality when transmitting patient health information.  As part of the evaluation process, MHCC reviews an EHN’s national accreditation site audit and recommends areas where enhancements would help reduce risks of exposure to data breaches.

Maryland Regulation 10.25.07, Certification of Electronic Health Networks and Medical Care Electronic Claims Clearinghouses, requires third party payors that accept electronic health care transactions originating in Maryland to accept electronic health care transactions only from MHCC certified EHNs.  MHCC-EHN certification demonstrates that Change Healthcare meets a number of national and local standards intended to ensure high quality business operations and the existence of sound privacy and security policies. MHCC certification represents to other networks, payers, and providers that Change Healthcare meets a reasonable level of quality and technical performance.

MHCC requires that EHN’s complete the evaluation process every two years to maintain certification.


PCI Compliance

PCI Compliance

 

The following Change Healthcare solutions are Payment Card Industry Data Security Standard (PCI DSS) certified:

 

Emdeon eCashiering..............................Now referred to as Receivables Advisor     
Emdeon Patient Pay Online...................Now referred to as Receivables Advisor
Emdeon Patient Payment Lockbox.......Now referred to as Receivables Advisor      
Emdeon Voice Pay (IVR)........................Now referred to as Receivables Advisor

This annual certification verifies that these Change Healthcare solutions have passed the rigorous standards promulgated by the PCI DSS.

The PCI DSS is a set of security requirements created by an association of credit card brands, including VISA, MasterCard and American Express intended to protect cardholder data (credit card data). The steady increase in electronic payment options available makes it extremely important to protect customers’ personal information. You can learn more about the PCI DSS and the standards it requires at www.pcisecuritystandards.org/security_standards.

Change Healthcare abides by all applicable PCI DSS requirements under which we secure any and all cardholder data that we store, process or transmit for our customers. This notification is part of the certification process.

Keeping our customers’ information secure is a top priority for Change Healthcare. We dedicate extensive resources to make sure personal medical and financial information is secure and we strive to build a company culture that reinforces trust at every opportunity.

We appreciate your continued partnership. If you have any questions about the Change Healthcare PCI Compliance efforts or the measures we’re taking to keep your data safe, please contact your account representative or the Security Compliance Team.