STATEMENT OF INGENIX INC ON PERSONAL HEALTH DATA AND PRIVACY:

Data Privacy and Security
Health care data can be confidential and Ingenix is committed to maintaining the privacy and security of it. We have attained independent certification of our security procedures through CyberTrust, a global information security services company, by demonstrating that we meet widely recognized and accepted measures to safeguard information assets. Ingenix has implemented policies, procedures and training in order to comply with the standards of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule.

Privacy and Security
Ingenix and its products support customers’ internal HIPAA compliance programs. Ingenix products are designed such that use of those products will not cause an otherwise HIPAA-compliant program to become non-compliant.

Ingenix is a Hybrid Entity, under HIPAA definitions, given the variety of products and services Ingenix has to offer customers. Ingenix clearinghouse services and provider billing services are sometimes considered activities of a covered entity and sometimes performed as a business associate to other covered entities. Ingenix is also considered a business associate for many of its products and services when covered entity customers such as a health plan, self insured employer group or health care provider, grant Ingenix access to their protected health information (PHI) in order to perform services for the covered entity. Ingenix has entered into appropriate business associate agreements with its covered entity customers from which it receives patient identifiable data.

Ingenix has appointed Ingenix Compliance Liaisons, who are representatives from each Ingenix business unit. Ingenix Compliance and the business unit Liaisons implemented the initial compliance requirements of the Privacy and Security Rule and continue to maintain existing compliance procedures as well as implement new compliance requirements. In addition, the Liaisons act as resources on HIPAA privacy and security issues within their business units. Each business unit Compliance Liaison is responsible for coordinating HIPAA privacy and security requirements in their area.

Ingenix has also appointed a security team that is responsible for informing employees of security policies and procedures, providing security guidelines for new tools and techniques to maintain compliance, managing and controlling dissemination of security information, and maintaining maximum compliance with incident response and security patch management actions.
Education & Awareness

Ingenix employees have completed a three-tiered privacy awareness-training program. The first tier requires all Ingenix employees to understand the basic principles of privacy. The second tier centers on privacy and HIPAA-related policies. The third tier of privacy training is focused on privacy procedures specific to each Ingenix business unit. New Ingenix employees complete the training promptly. All employees receive ongoing training.

Ingenix has also implemented a two-tiered security awareness-training program. The first tier requires all Ingenix employees to understand the basic principles of security. The second tier involves security awareness training and additional technical training for our information technology staff. Employees receive ongoing training.

Protected Health Information
Ingenix has developed a methodology that allows the performance of certain research, analysis and other services using data that is “de-identified” under HIPAA, rather than patient-identifiable “protected health information.” Ingenix has worked with recognized industry experts on de-identification methodology to comply with HIPAA requirements.

Ingenix stores customers’ patient-identifiable medical information in secure computer systems with strict access controls. Access to the data is permitted only as needed to perform company responsibilities. In addition, Ingenix employs administrative, physical, and technical security controls to maintain the confidentiality of customer data.

Transactions, Code Sets, and Identifiers
Ingenix closely monitors new codes, formats, and identifiers as they are defined by new regulations. As new identifiers, codes and formats are finalized, our products and services will respond to the new industry requirements.

ENS’ leading-edge health care transactions platform, Health-e Exchange, offers a single interface to conduct all HIPAA-defined transactions between payers and providers nationally, minimizing paper-intensive and labor-intensive processes.

Outside of Ingenix clearinghouse and provider billing services, many Ingenix customers send data to Ingenix for research or analytical purposes. HIPAA has not defined a standard transaction for research or analytics, so Ingenix will continue to accept the transaction formats our customers use to send data to Ingenix.

http://www.ingenix.com/AboutUs/HIPAA/

Related News:

Tags: , , , , , , , , , , , , , , , , , , , , , , ,