HIPAA/HITECH and Banks

Posted on June 19, 2012 by

Today’s healthcare providers must continue to diligently require business associate contracts from the banking/financial institution partners when there is access, use or disclosure of personal health information (PHI). This can happen in the cash management/lockbox setting, EDI department and other areas.

For example, when bank lockboxes are used to gather, collect and streamline payments management, processing the Explanation of Benefits (EOB) will result in the application of this important federal mandate as much of the information in the EOB is individually identifiable health information.

While this is old news to the nation’s largest banks, take note:

  • Many smaller banks may not be ready when their healthcare clients – health plans and healthcare providers – ask them to sign a HIPAA business associate contract; and  
  • Under HITECH, the penalties for non-compliance have been expanded into the business associate category, so the risk level for payments processing in healthcare has increased (from a banker’s perspective).

While many, if not most, banks already have the safety precautions called for in the federal regulations, a gap assessment is likely required; calls for proof are not uncommon in the business associate legal language.

To further identify the evolving best practices in this area, I will be representing HIMSS as a  panel member on June 27, from 1:30-3 p.m. ET, to discuss: Dispelling the Myth that Healthcare Regulatory Compliance is Inherently Addressed within Existing Controls.

The panel includes:

  • Lee Barrett, Executive Director, Electronic Healthcare Network Accreditation Commission (EHNAC)
  • John Casillas, Senior Vice President, HIMSS Medical Banking Project
  • Jan Estep, President, NACHA – The Electronic Payments Association
  • Alberto Casas, Vice President, CitiBank
  • Sharon Klein Esq, Pepper Hamilton LLP

This is a free webinar with information on: 

  • why the healthcare legislation of HIPAA, ARRA/HITECH and safeguarding protected heath information is so critical;
  • what the ramifications may be of not meeting compliance; and
  • what you can do to protect your organization and mitigate risk of PHI disclosure.

You can register here.

About John Casillas

John Casillas is Senior Vice President, HIMSS Financial-Centered Systems and HIMSS Medical Banking Project
This entry was posted in Business-Centered Systems, Health IT News and Developments, HIMSS News and Developments, Public Policy and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s