This may not be the right place to ask this question (and it might not even be reasonable or valid), but since the thread is running here, I might as well throw it out: If an 835 contains patient information (even the patient name) is sent to an organization not required to be HIPAA compliant, isn't it a violation of the patient's privacy rules? The bank may not use the information, but since it's in the transaction, it is visible to a (theoretically) unauthorized party.
Best regards, Bill Chessman Peregrine Systems, Inc.
