The healthcare industry, like any profession, is not without its own set of acronyms and laws. In truth, healthcare has often followed the financial sector closely in regards to privacy law and regulations, albeit several years in arrears. With the introduction of the Affordable Care Act, the gap is quickly closing and may bring your institution along for the ride.
First, a review of some of the primary healthcare laws:
HIPAA is the Health Insurance Portability and Accountability Act of 1996. The primary goal of the law was to make it easier for people to maintain health insurance (COBRA), protect the confidentiality (Privacy Rule) and security (Security Rule) of healthcare information and to help the industry control administrative costs.
HITECH is the Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009. The primary goal of the law was to promote the adoption and meaningful use of health information technology, as well as strengthen the civil and criminal enforcement of HIPAA.
PPACA (or ACA) is the Patient Protection and Affordable Care Act of 2010, which expands health insurance coverage, nondiscrimination requirements, and state health insurance exchanges, as well as impacting privacy requirements. Some of the requirements include adding accountability for financial institutions that provide medical lockboxes and other special services to healthcare providers and payers.
What do these mean to financial institutions?
Since 2012, the NACHA Operating Rules have allowed healthcare plans and providers to use the ACH network for healthcare claim payments and their related information. As of January, 2014, healthcare plans have been required to deliver payments via the Healthcare EFT Standard, NACHA’s CCD+ addenda, to providers upon request.
As a result of these changes, most receiving financial institutions should:
- Process healthcare ACH transactions and show compliance with applicable NACHA Operating Rules.
- Anticipate and prepare for questions about your financial institution’s ability to process healthcare payments, and your capability to provide re-association trace numbers in CCD+ addenda records to providers.
- Be aware of the potential exposure to Protected Health Information (PHI) and Personally Identifiable Information (PII) contained within healthcare transactions, and train staff accordingly to mitigate risk.
- Be aware that although the Health and Human Services (HHS) Interim Final Rule confirms an exemption for financial institutions performing CCD+ transactions, those providing services that go beyond originating or receiving a healthcare payments may want to consult with legal counsel to ensure compliance requirements with HIPAA are met.
Unlike our financial institution audits, most healthcare audits are primarily reactive; investigating cases in response to complaints, tips, or media reports. As we all know, change is inevitable, so how is your institution preparing if questions of exemption or compliance arise?
While we’re on the subject, let’s talk about payments in the healthcare industry. Mark Messick once said, “Healthcare providers are tired of being the “bank” for their patients.” Check out his post, The Future of Patient Payments, to read about the opportunities he believes that financial intuitions can capitalize on in the healthcare marketspace.
Robert J. Hudecek is the Senior Technical Product Manager for ProfitStars RemitPlus, providing intuitive and scalable remittance / lockbox item processing software for output to virtually any customer information system. Robert holds a Bachelors of Science degree from Southern Illinois University’s Aviation Management program and has logged over 2,500 flight hours in both general aviation and corporate aircraft. Robert has been a featured presenter at conferences, seminars, and industry meetings for community and tier one financial institutions alike. For 15 years, Robert has been a key resource for banks, credit unions, and commercial entities to enhance their back office item processing capabilities and operations profitability.