In an effort to help financial institutions understand how the HITECH Act and HIPAA directly affects their operations, four industry trade groups recently banded together to release a white paper “Compliance Guidelines for Financial Institutions in the Healthcare Sector: HITECH and the HIPAA Privacy and Security Rules.”
The intention of the paper is to educate bank and other financial executives on new reporting requirements and whether they must meet the HIPAA data privacy and security measures if they are providing services to the healthcare sector.
Sponsoring organizations for the paper include the Electronic Healthcare Network Accreditation Commission (EHNAC), HIMSS Medical Banking Project, NACHA – The Electronic Payments Association, and the Workgroup for Electronic Data Interchange (WEDI). Working together, the four groups hope to advance the cause of electronic claims processing while helping banks understand their role in improving efficiency within the healthcare industry.
“When HIPAA first came out, it was somewhat ambiguous for banks as to whether they needed to be a covered entity or could simply be a business associate,” said Lee Barrett, president and CEO of EHNAC. “With HITECH and additional provisions, whether you are operating as a business associate or a covered entity, you now have the same guidelines.”
While having greater clarity on the requirements banks must meet in order to be HIPAA-compliant is a good first step, it may also mean many banks need to play catch-up, if they have any intention helping to transform the industry via the electronic processing and payment of health insurance claims.
“What many organizations that are in healthcare have begun to realize is the complexity that a claim has versus a payment transaction,” Barrett stated. “If you take an 837 claim versus a payment transaction itself, the level of complexity, the level of data and information with that claim is exponentially more complex. They all have good starts and most already have a good infrastructure in place, but they are going to need to take it to a whole different level.”
In order to take it to that next level, banks and financial institutions will likely need to change their mindset.
“There are a lot of moving parts to being able to handle healthcare claims electronically,” noted John Casillas, senior vice president, Business Centered Systems at HIMSS. “It means the banks will need to go from being a money-changer to a health data processor.”
But according to James Schuping, executive vice president and CEO of WEDI, the clarification of HIPAA requirements regarding business associate versus covered entity status has spurred some banks to become more involved in developing their infrastructure to handle electronic claims.
“About a year ago, I would say many banks weren’t too gung-ho getting involved,” Schuping added. “At this point, their awareness is growing rapidly and they understand better why this is important. That is why it is important for [our organizations] to work together to educate the industry.”
