ClaimRev Support Documentation

User Tools

Site Tools

Trace: openemr_manual
guides:contacting-support

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
guides:contacting-support [2026/05/18 16:26] – [Questions] brad.sharpguides:contacting-support [2026/05/18 16:30] (current) – Reframe verification as ClaimRev policy (drop HIPAA/EHNAC requirement claims) brad.sharp
Line 3: Line 3:
 When you call ClaimRev support — or when one of our agents answers a chat or video call from outside the in-app support flow — they need to confirm you are who you say you are before discussing claim details, account configuration, or anything else tied to your account. When you call ClaimRev support — or when one of our agents answers a chat or video call from outside the in-app support flow — they need to confirm you are who you say you are before discussing claim details, account configuration, or anything else tied to your account.
  
-This guide explains **why** that matters and **how** the identity check works on your end. The whole thing takes about ten seconds.+This guide explains **why** ClaimRev does this and **how** the identity check works on your end. The whole thing takes about ten seconds.
  
 ===== Why We Verify Identity ===== ===== Why We Verify Identity =====
Line 9: Line 9:
 The phone number a call comes from, the name on Caller ID, and the email address someone gives over the phone are all easy to fake. Without a way to confirm the caller is actually who they claim to be, anyone who knows a little bit about your organization could call us, pretend to be one of your users, and try to extract patient data, change account settings, or send claim files somewhere they shouldn't go. The phone number a call comes from, the name on Caller ID, and the email address someone gives over the phone are all easy to fake. Without a way to confirm the caller is actually who they claim to be, anyone who knows a little bit about your organization could call us, pretend to be one of your users, and try to extract patient data, change account settings, or send claim files somewhere they shouldn't go.
  
-Verifying identity on every off-portal contact protects:+It's ClaimRev's policy to verify identity on every off-portal contact before disclosing or modifying anything customer-specific. This protects:
  
-  * **Your patients** — claim and remittance data is Protected Health Information (PHI) and we're legally required to keep it confidential under HIPAA.+  * **Your patients** — claim and remittance data is sensitive health information that should only be shared with the people authorized to see it.
   * **Your organization** — account-level changes, integration credentials, and audit history are off-limits to anyone who can't prove they're authorized.   * **Your organization** — account-level changes, integration credentials, and audit history are off-limits to anyone who can't prove they're authorized.
   * **You personally** — if someone impersonates you and we act on it, your account ends up on the hook for actions you never took.   * **You personally** — if someone impersonates you and we act on it, your account ends up on the hook for actions you never took.
Line 77: Line 77:
   * Wait an hour and try again, or   * Wait an hour and try again, or
   * Ask the agent to call you back and start the verification from their end (the per-user limit doesn't apply to in-flight cancelled or successful verifications, so a fresh code from the agent will work for most cases), or   * Ask the agent to call you back and start the verification from their end (the per-user limit doesn't apply to in-flight cancelled or successful verifications, so a fresh code from the agent will work for most cases), or
-  * If it's urgent, ask the agent to escalate to ClaimRev's Security & Compliance team.+  * If it's urgent, ask the agent to escalate the situation.
  
 ==== "I'm not getting emails from ClaimRev at all." ==== ==== "I'm not getting emails from ClaimRev at all." ====
Line 89: Line 89:
   * Read your registered email address back to you so you can confirm it.   * Read your registered email address back to you so you can confirm it.
   * Send the code to your email and portal — only to those, never to a phone number, a different email, or anywhere else.   * Send the code to your email and portal — only to those, never to a phone number, a different email, or anywhere else.
-  * Confirm the verification record before disclosing anything PHI-related or making account changes.+  * Confirm the verification record before disclosing anything sensitive or making account changes.
   * Cancel and reissue if something goes wrong.   * Cancel and reissue if something goes wrong.
  
Line 97: Line 97:
   * **Skip verification** because you sound stressed, because you're "in a hurry", or because you've called many times before. Every off-portal call gets verified.   * **Skip verification** because you sound stressed, because you're "in a hurry", or because you've called many times before. Every off-portal call gets verified.
   * **Change your email or password over the phone.** Those require either a portal session you're already logged into, or an admin on your account.   * **Change your email or password over the phone.** Those require either a portal session you're already logged into, or an admin on your account.
-  * **Disclose PHI before verification.** If you haven't verified yet, they won't discuss claims, payments, or anything patient-specific — not even to confirm what you already know.+  * **Disclose patient or claim data before verification.** If you haven't verified yet, they won't discuss claims, payments, or anything patient-specific — not even to confirm what you already know.
  
 ===== What Happens to the Verification Record ===== ===== What Happens to the Verification Record =====
Line 103: Line 103:
 Every verification — successful, failed, expired, or cancelled — creates an audit record in ClaimRev's systems. The record includes who the agent was, who the user is, the account, the channels the code was sent through, and the outcome with timestamps. The plaintext code is never stored — only a one-way cryptographic hash of it. Every verification — successful, failed, expired, or cancelled — creates an audit record in ClaimRev's systems. The record includes who the agent was, who the user is, the account, the channels the code was sent through, and the outcome with timestamps. The plaintext code is never stored — only a one-way cryptographic hash of it.
  
-Records are retained for at least **30 days**. They may be retained longer to support incident investigations or compliance reviews under HIPAA and EHNAC accreditation requirements.+Records are retained for at least **30 days** and may be retained longer when needed for incident investigations.
  
 You can request a copy of your own verification history from your account administrator or by contacting support. You can request a copy of your own verification history from your account administrator or by contacting support.
Line 115: Line 115:
 ==== "What if I'm calling about an emergency and don't have time?" ==== ==== "What if I'm calling about an emergency and don't have time?" ====
  
-The verification takes under a minute. Skipping it isn't an option — the agent literally can't disclose anything until your status shows verified on their dashboard. If you're in a genuine emergency and can't access your email, tell the agent and they can escalate to our Security & Compliance team for an out-of-process override.+The verification takes under a minute. The agent will hold off on disclosing anything until your status shows verified on their dashboard. If you're in a genuine emergency and can't access your email, tell the agent and they can escalate the situation.
  
 ==== "Can I be verified for the whole day after a single check?" ==== ==== "Can I be verified for the whole day after a single check?" ====
Line 123: Line 123:
 ==== "What if I want to opt my organization out of this entirely?" ==== ==== "What if I want to opt my organization out of this entirely?" ====
  
-You can't opt out of verification when calling ClaimRev — it's how we comply with HIPAA's identity-confirmation requirements. You //can// disable the user-side //Verify me to support// menu item for your account: an admin can flip the **Self-Verify to Support** toggle off in the portal's **Communication Settings**. With that off, only the agent-initiated path (Option 1 above) is available. The verification itself still happens on every call.+You can't opt out of verification when calling ClaimRev — it's how we keep your account safe. You //can// disable the user-side //Verify me to support// menu item for your account: an admin can flip the **Self-Verify to Support** toggle off in the portal's **Communication Settings**. With that off, only the agent-initiated path (Option 1 above) is available. The verification itself still happens on every call.
  
 ==== "Will I see this for in-portal video calls too?" ==== ==== "Will I see this for in-portal video calls too?" ====
Line 131: Line 131:
 ===== Questions ===== ===== Questions =====
  
-For help with verification or anything else, contact ClaimRev support at [[mailto:help@claimrev.com|help@claimrev.com]] or call **1-918-842-9564**.+For help with verification or anything else, contact ClaimRev support at [[mailto:help@claimrev.com|help@claimrev.com]] or call **1-918-842-9564**.
  
guides/contacting-support.1779121618.txt.gz · Last modified: by brad.sharp
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki