HDX fully respects the privacy rights of each individual and only uses an Individual's Protected Health Information (PHI) for the purpose(s) for which it was received, or as required by local, state, or federal laws. HDX receives PHI from our clients, usually Covered Entities such as healthcare providers or health plans; or from other EDI trading partners who have similar clients. HDX is a Healthcare EDI Clearinghouse that provides specific transaction and business services associated with treatment, payment, or healthcare operations, which are defined by each contract.
HDX does maintain records of all transactions we receive or transmit, which identifies the source of the transaction, the date and time the transaction was received, the type of transaction, where the transaction was delivered, the date and time the transaction was transmitted, and the disposition of the transaction. These records are used for accounting, auditing, and other business purposes and contain no PHI. When translation services are used for transaction processing, we will also store the entire source transaction and the resulting translated transaction, which may contain PHI. These records are only maintained to investigate questions or problems that could arise when the resultant translation is questioned or disputed. All of these records are securely maintained for seven years and are only used as described in this statement.
In some cases we may use certain de-identified health information in aggregation, meaning only health related data is collected from multiple patients, but no identifying patient information is collected with that health information. This aggregated data may be used to provide services to our clients related to their healthcare operations; or when permitted, to provide such information to appropriate health organizations, such as, State or Federal Public Health Departments for certain health studies; or for our own operational and management requirements.
The health information received or stored by HDX is kept secure at all times to maintain its confidentiality. This information is only accessed by computer programs that are designed to perform certain processing functions for which we received the data; or by authorized technical support staff who must maintain these computer programs and systems; or by our customer support staff while assisting our clients with questions or operational issues.
All HDX associates are required to protect and safeguard the privacy of Protected Health Information they may encounter through the course of their work. All associates of HDX have received privacy and security awareness training. Only those associates who have support responsibilities with a "need to know" to perform their job responsibilities have access to customer data, which may include patient PHI. Their access to this data is controlled and monitored.
HDX has policies and procedures in place to protect and safeguard the PHI we receive and/or maintain including workforce sanction policies for those who should violate these policies. HDX does not use, sell, or disclose PHI in any way for marketing or other purposes, except as permitted by contract or as required by law.
:: Integrated Eligibility Service
:: Payment Assessment
:: Patient Anticipated Cost of
:: Integrated Notifications,
Authorizations and Referrals
:: Claims Management Service
:: Electronic Remittance
:: Patient Friendly Statements
:: Lock Box Service