Please review the updated schedule for IP restriction enforcement. As of Friday, September 2, 2016 we have started turning on IP address restrictions state by state. Click below to view the full schedule. IP Conversion Schedule 11082016
Note: IP Restrictions for MA have been rescheduled for November 10.
Next week, we intend to turn on IP Address Restrictions for the following states:
WI 12/7/2016 Wednesday
IN 12/8/2016 Thursday
OH 12/9/2016 Friday
FL 12/13/2016 Tuesday
TN 12/14/2016 Wednesday
PA 12/15/2016 Thursday
TX 12/20/2016 Tuesday
CA 12/21/2016 Wednesday
IL 12/22/2016 Thursday
Note: Client and System Administrators should take the following actions.
- Request your External IP Range(s) from your Network Admin.
- Verify the IP(s) are loaded in the Self Service Portal.
- Add Contact Information for the person that will administer allowable IP’s.
Experian Health will enforce IP address validation at login by December 31, 2016. This change will prevent access to our products from unauthorized locations and is a precautionary measure that we are taking to enhance security for us and for our clients. IP address validation will be implemented for eCare NEXT, ClaimSource, and OneSource products for which your end users access through a web login.
- IP Conversion Schedule by State – November 2016
- Frequently Asked Questions
- IP Address Restriction Errors – Quick Reference Guide
- IP Address Validation – Quick Reference Guide
- Previous Client Bulletin – Update Reminder, IP Address Validation – 07202016 (.pdf)
Note that our Address Verification clients are already using IP address ranges. Our goal is to coordinate these changes with our clients so that users logging in within your established IP range are not affected. We recognize that many of our smaller client facilities and physician practices do not have a dedicated IT staff, and currently use dynamic IP addresses that are assigned by their Internet Service Provider (ISP) or carrier. Typically, a dynamic IP address is an IP address that is assigned by your ISP or carrier that may change from one week to the next, or is occasionally changed by your ISP or carrier to accommodate their subscribers.
Once Experian Health implements these new security protocols, managing these dynamic IP addresses may become problematic and even disruptive to your ability to process transactions. In this regard, we want to encourage you to contact your Internet Service Provider or carrier to request a static IP address, that can be assigned to your account. By requesting and using a static IP address, you will insure that your account is secure without any interruptions in your service.
As necessary, once you have obtained a static IP address for your facility or practice, you should register your static IP address with Experian Health as to avoid any disruptions.
How we need your help:
For your convenience, we have already loaded your most recently used IP addresses in our database and provided your super/self-service portal users access to add, delete, and edit IP ranges (see example below). We capture this list by client, and we are storing any IP address that has been used in the last 30 days.
Please verify the begin IP and end IP, ensuring that IP addresses for all of your locations are in range. Typically, a member of your network/IT team knows the outgoing (NAT’d) IP ranges from your organization. Our tool will accept this range, so there is no need for each user’s IP address to be entered. We include a description field so that you can identify ranges for reference or auditing purposes (see the picture below). You can edit a range by clicking on the pencil icon and delete a range by clicking on the X icon. Add a new IP range by entering the beginning and ending IP and including a description (user name, department, location, etc.).
We now also have an IP exceptions tool available that will allow you to quickly and easily add IP addresses from your users that were blocked at login.
If a user does try to access our products outside of the validated IP range, they will see one of the following errors. After our next development update, all three error messages will look like the OneSource error below. Clients can add to the security contacts list within the Self Service Portal so that a blocked user knows who to contact.
We are rolling out IP range restrictions to a pilot subset of our clients, followed by all others well in advance of the December deadline. You will receive further communication from us about the plan, timing and our available support during this change.
If your organization would like to switch over to only allowing validated IP address ranges now, please contact your Account Manager.
Thanks for your assistance!