Articles page     HIPAA page    

Are your clearinghouses ready for HIPAA compliance?

Banks May Have to Comply with the HIPAA Privacy Rule

WHAT IF you are a health care provider and you utilize a bank to process payments from insurance carriers and patients – must the bank abide by the HIPAA privacy rule?

Most likely the answer is "yes". If the bank utilizes a "lockbox" arrangement, the bank will be receiving payments for medical services, along with remittance advice, from insurance carriers. The bank may also be receiving payments directly from patients. Once the bank receives the payments, it deposits the moneys into the provider’s bank account. Oftentimes, the bank then takes the remittance advice and posts the information electronically to the provider’s accounts receivable systems. If so, this entire operation may cause the bank to fit into HIPAA’s definition of a clearinghouse.

Health care providers, payors and clearinghouses that transmit information are required to comply with HIPAA’s privacy rule. This privacy rule was enacted to minimize unauthorized disclosure of health care information.

A healthcare clearinghouse, under HIPAA, is defined as a public or private entity that "processes or facilitates the processing of health information received from one entity in a non-standard format or containing nonstandard data content into standard data elements or a standard transaction."

As we approach the HIPAA implementation deadline of April 2003, don’t forget to include your bank in your HIPAA compliance program if you are utilizing a lockbox arrangement. At a minimum, the bank may be considered a business associate in which case a separate agreement must be entered into with the bank in order to safeguard protected health information.

For more information, please Call or E-mail