I think a Bank's role in an 835 transaction is as a Clearinghouse for a provider, e.g. if a bank receives the standard transaction and converts it into a non-standard format for a provider (note: the bank can also be a business associate for the payer -- accepting non-standard and sending an 835, that will occur less often though). As a clearinghouse, the bank is subject to HIPAA.
If the Bank is not a clearinghouse, then they are certainly a business associate and the covered entity hiring the bank would have to require the bank, by contract, to be compliant. Ken Fody Independence Blue Cross -----Original Message----- From: Bill Bernath [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 3:58 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: questions on the appropriate way to reply when there are errors in a transaction request Whatever happened to the 'Covered Entity' concept? I would think that the bank is not one, so they would not be subject to becoming HIPAA compliant in any way. Good business practices should prevail here - JMHO - b Bill Bernath Blue Cross Blue Shield of North Carolina Privacy Office (919) 765-7006 [EMAIL PROTECTED] >>> <[EMAIL PROTECTED]> 04/29/02 03:24PM >>> Would you not have to have a "Chain of Trust" relationship, and a Trust Partner Agreement with the Bank in question for all importation exchange? I think so. Without it, you are liable. So the simple answer is, the bank would have to be HIPAA compliant for all areas and systems that receive and use that identified information. Sounds like a new business opportunity for a smart bank! HIPAA Compliant Banking Services!!! Any Bank VP's listening out there? Anyone own bank stock who wants to write a letter to your bank CEO? Regards, Dr. Tim McGuinness, Ph.D. Sr. Compliance Specialist & Solutions Architect Certified HIPAA Chief Privacy Officer DynTek Inc. www.dyntek.com -----Original Message----- From: Bill Chessman [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: questions on the appropriate way to reply when there are errors in a transaction request This may not be the right place to ask this question (and it might not even be reasonable or valid), but since the thread is running here, I might as well throw it out: If an 835 contains patient information (even the patient name) is sent to an organization not required to be HIPAA compliant, isn't it a violation of the patient's privacy rules? The bank may not use the information, but since it's in the transaction, it is visible to a (theoretically) unauthorized party. Best regards, Bill Chessman Peregrine Systems, Inc. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute and delete the original message. Please notify the sender by E-Mail at the address shown. Thank you for your compliance. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
