HIPAA Compliance Statement

One of the general objectives of the Health Insurance Portability and Accountability Act (HIPAA) is to protect the health information of individuals against access without consent or authorization. Milliman Care Guidelines achieves HIPAA compliance by combining secure technology with appropriate policies and procedures.

Milliman Care Guidelines agrees that patient and client confidentiality are of utmost importance. All of our employees and subcontractors conform to HIPAA regulations by adhering to the following practices:

  • Require the utilization of a Business Associate Addendum (BAA) for all contracted clients
  • Not use or disclose any PHI except in the course of meeting our contractual obligations or as required by law
  • Ensure that agents or subcontractors working on our behalf agree to the same restrictions
  • Protect against any non-permitted use or disclosure of PH
  • Report any non-compliance of which we become aware
  • Upon termination of contract or upon request, if feasible, return or destroy all PHI received or created using our application
  • Have named a HIPAA Privacy Official who creates, maintains, and trains regarding our HIPAA policies and procedures
  • Have established that all employees with access to PHI receive training on our policies and procedures

Milliman Care Guidelines secure computing environment complements our policies and procedures. Our CareWebQI environment has been certified as NIST compliant by an independent 3rd party. Highlights include:

  • Type II SAS 70 Certified Data Centers
  • All electronic transactions are encrypted
  • User and facility role based security
  • Fully configurable password and session length administrative controls
  • Independent (single tenant) customer databases
  • All transactions within the system are audit trailed

HIPAA 4010/5010 Specific Compliance Statement

Information regarding the timeline for Milliman Care Guidelines to become HIPAA 5010 compliant is frequently requested by our clients. HIPAA 4010/5010 is a specific electronic transaction protocol related to claims adjudication. Milliman Care Guidelines does not handle data related to claims processing and therefore has no obligation to meet those requirements.

Please note that this site provides options for training only.

To receive a production demonstration, please contact your Account Manager.

To learn more:

Call 888-464-4746