|
Brett,
I agree with Stanley's remarks about the pains of a bank who
tries to be a conduit.
I'd guess that most banks will opt out of handling CTX
transmittions containing 835 data, leaving payers / receivers with the
option of using separate paths, and then all the pains of re-association.
I would suggest that all software vendors look toward ways to
make this easy as a new business opportunity.
The opinions expressed here are my own and not necessarily the opinion of
LCMH.
Douglas M. Webb Computer System Engineer Little Company of Mary
Hospital & Health Care Centers [EMAIL PROTECTED]
"This electronic message may contain information that is confidential
and/or legally privileged. It is intended only for the use of the individual(s)
and entity(s) named as recipients in the message. If you are not an
intended recipient of the message, please notify the sender immediately,
delete the material from any computer, do not deliver, distribute, or copy this
message, and do not disclose its contents or take action in reliance on the
information it contains. Thank you."
----- Original Message -----
Sent: Friday, March 21, 2003 11:30
AM
Subject: RE: 837I and 837P
Doug,
Going forward, there are definitely going to be
issues with banks using
the ACH for 835 distribution. Last Friday, the
Medical Banking Project
hosted a telebriefing on the Security Rule. Stanley
Nachimson
participated and had this to say about PHI in a banking context
(full
transcript available on their web site at
mbproject.org):
"...you've got to worry about first of all the storage
on your site, on
the bank's site, to make sure that only the right people
are accessing
that information and able to send it. Secondly, you've got to
make sure
that the transmission is protected, that as the information is
being
sent it's possibly encrypted or there's another method that's being
used
to protect the information so that if it's intercepted nobody can
see
it. And you also want to make sure that it's clearly going to the
right
place in the provider's office and that only the right folks in
the
provider really have access to that information. So I think there are
a
series of controls that would have to be implemented."
Therefore,
for the bank to be a "conduit" (as opposed to a covered
entity or business
associate), the PHI contained in an 835 has to be
transmitted in such a way
that the originating bank, the ACH, the
Federal Reserve, and the receiving
bank do not have access to the PHI.
Only the provider, and actually "only
the right folks in the provider"
can see the PHI contained in the 835. As
has been discussed here before,
"addressable" encryption doesn't mean you
don't have to encrypt, it
means you have to prove 6 ways to Sunday that you
don't need to encrypt
or to have an equally secure method/technology. It
also means that the
word "encrypt" may be meaningless at some point in the
future, so do
whatever current technology requires you to do to fulfill the
intent of
the Privacy regs. Today, in nearly every case, that means
encrypt. Most
originating banks are not prepared at this point to accept an
encrypted
835 and send it on through the ACH, and most receiving banks are
not
prepared to extract that encrypted data from the unencrypted CTX
and
pass that on to the provider for them to then finally
decrypt.
Those are the issues for the bank to be a "conduit". Now, if
both the
originating bank (with the payer) and the receiving bank (with
the
payee/provider) signs business associate agreements, then they
could
access the PHI (receive it from the payer/deliver it to the
provider).
And if the bank modifies the information in any way, they would
then be
a health care clearinghouse, and a covered entity.
NACHA rules
(IV-II-C "RDFI OUTPUT" on page OG 99 of the 2003 ACH rules)
state that if a
receiving bank cannot deliver the EDI data enveloped in
a CTX (the 835) in
it's native format to the payee, they are required to
deliver it in
whatever manner they can. If an RDFI delivers the
remittance in any format
other than the passed-in 835, they are
inherently a covered entity
translating from standard to nonstandard.
Since NACHA rules require this of
receiving banks, those receivers have
a business decision to make regarding
their continuing ability to
receive CTX transmissions containing 835
remittance data.
Brett Hacker, CIO
Remettra,
Inc.
866-226-9641
-----Original Message-----
From: Doug Webb
[mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 3:20 PM
To: WEDI
SNIP Transactions Workgroup List
Subject: Re: 837I and
837P
Billie Jo,
Direct Deposit requires that the receiver of the
funds (provider) supply
the sender (payer) with bank inofomation.
This is generally done once
(when the provider signs up to receive ACH
payments), and then applies
until revoked. For this reason, bank
information is not placed on the
837.
Direct Deposit of my paycheck
and my mom's Social Security check works
the same way.
Note that you
can sign up for either ACH payments, the 835, or both. If
the banks
at both ends are capable of handling a data record the size of
the 835,
then the banks can be a conduit of 835 information to the
provider.
Many smaller banks do not offer this service.
The opinions
expressed here are my own and not necessarily the opinion
of
LCMH.
Douglas M. Webb
Computer System Engineer
Little Company of
Mary Hospital & Health Care Centers
[EMAIL PROTECTED]
"This electronic
message may contain information that is confidential
and/or legally
privileged. It is intended only for the use of the
individual(s) and
entity(s) named as recipients in the message. If you
are not an
intended recipient of the message, please notify the
sender
immediately, delete the material from any computer, do not
deliver,
distribute, or copy this message, and do not disclose its contents
or
take action in reliance on the information it contains. Thank
you."
----- Original Message -----
From: Adams,
Billie Jo
To: WEDI SNIP Transactions Workgroup List
Sent: Thursday,
March 20, 2003 02:23 PM
Subject: 837I and 837P
How are people
handling bank information that is needed for the 835?
There are no fields
on the 837 to pass to the 835 for banking
information.
All
responses are appreciated.
Billie Jo Adams
Project
Analyst
World Insurance Company
---
The WEDI SNIP listserv
to which you are subscribed is not moderated. The
discussions on this
listserv therefore represent the views of the
individual participants, and
do not necessarily represent the views of
the WEDI Board of Directors nor
WEDI SNIP. If you wish to receive an
official opinion, post your question
to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.
These listservs should not be used for
commercial marketing purposes or
discussion of specific vendor products
and services. They also are not
intended to be used as a forum for
personal disagreements or unprofessional
communication at any time.
You are currently subscribed to
wedi-transactions as: [EMAIL PROTECTED]
To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank
email to
[EMAIL PROTECTED]
If
you need to unsubscribe but your current email address is not the
same as
the address subscribed to the list, please use the
Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not
moderated. The
discussions on this listserv therefore represent the views
of the
individual participants, and do not necessarily represent the views
of
the WEDI Board of Directors nor WEDI SNIP. If you wish to receive
an
official opinion, post your question to the WEDI SNIP Issues Database
at
http://snip.wedi.org/tracking/.
These listservs should not be used for
commercial marketing purposes or
discussion of specific vendor products
and services. They also are not
intended to be used as a forum for
personal disagreements or unprofessional
communication at any time.
You are currently subscribed to
wedi-transactions as:
[EMAIL PROTECTED]
To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank
email to
[EMAIL PROTECTED]
If
you need to unsubscribe but your current email address is not the
same as
the address subscribed to the list, please use the
Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not
moderated. The discussions on this listserv therefore represent the views of
the individual participants, and do not necessarily represent the views of the
WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official
opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not
intended to be used as a forum for personal disagreements or unprofessional
communication at any time.
You are currently subscribed to
wedi-transactions as: [EMAIL PROTECTED]
To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank
email to [EMAIL PROTECTED]
If
you need to unsubscribe but your current email address is not the same as the
address subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-transactions as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
|
