Where do payments processors fit in with HIPAA?
Processors may have access to patient information through flex spending or processing for pharmaceuticals promotions. I am not familiar with payments issues around pharmaceuticals, but I suspect they are similar to payments issues for banks. HIPAA provides some exemptions from the regulations for payments. We understand that these were originally requested by the credit card companies for patient/doctor payments and by banks for the processing of checks. Neither credit cards nor checks contain patient information beyond the “minimum necessary” for payment.

Payments by plans to providers require some protected healthcare information (PHI) to ensure proper accounting for the payments. The prevailing opinions that we have seen argue that the exemption for payments processing no longer applies once there is PHI. We are not attorneys, but if we were dealing with attorneys, we would suggest they look at what is happening in banking. The Medical Banking Project is a great place to start. Have