HIPAA Regulatory Alert: Payment processes could be changed
HIPAA Regulatory Alert: Payment processes could be changed
Encryption requirements eliminated
Medical Banking Project founder John Casillas says that one of the changes in the final HIPAA security rule eliminated any requirement to encrypt electronically transmitted protected health information, even over the Internet or other open networks. Encryption now is an "addressable" implementation specification, which means that a provider or payer organization must determine if it is appropriate to use the technology. Encryption was one of many required procedures or technologies in the proposed rule that now are addressable as the Department of Health and Human Services seeks to make the final rule more scalable for health organizations of all types and sizes.
Casillas says that many providers implementing the security rule likely will decide encryption is a reasonable and appropriate way to protect data, but their trading partners may not agree. One area providers will have to consider is the electronic transmission of payment information — including protected health information — between providers, payers, and financial institutions.
For instance, an insurer may electronically transmit to its bank a payment file containing payment instructions for a batch of claims from multiple providers. The bank will transmit the file to the banking industry’s automated clearinghouse network, which transmits the payments to the appropriate banks serving the providers listed in the payment file. The individual banks then will transmit electronic remittance advices that contain protected health information to their provider customers.
Technically, under the final security rule, none of these transfers of information need be encrypted. But to protect themselves from liability, providers will have to demand that their payers and financial institutions adequately encrypt the data. "That’s inevitable," Casillas adds. "Providers are the ones on the line and will want to make sure their data is protected throughout the entire banking system."
Medical Banking Project founder John Casillas says that one of the changes in the final HIPAA security rule eliminated any requirement to encrypt electronically transmitted protected health information, even over the Internet or other open networks.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.