Can anyone point me to a source to get more information on this topic? I just read an article that says Do Your Homework on HIPAA, but don't know where to go.

HIPAA is the Health Insurance Portability and Accountability Act. It has significant privacy requirements that could affect financial institutions, especially those involved with insurance affiliates. A couple of resources to start you off:
http://www.hcfa.gov/hipaa/hipaahm.htm http://www.hipaadvisory.com/

I found these and others by going to my favorite search engine, Google (www.google.com) and searching on HIPAA.

------------------
Jim Bedsole, CRCM, CBA, CFSA

Opinions expressed are my own, and do not necessarily reflect those of my employer.

FYI It's interesting to note that HIPAA was introduced in the mid 90's (and finally passed and enacted @ 1998) as primarily healthcare related legislation. One main consumer protection benefit that arose from this rather cumbersome Act was the "Certificate of Credible Coverage" that employers are now required to provide to their employees who leave for whatever reson, and who were previously covered by the group insurance plan. One could take this "cert" with them to a new employer, and enroll in the new health plan without the dreaded "pre-existing condition" clause affecting their eligibility. As far as the financial privacy issues are concerned, I have a gut feeling that GLB arose due to the lack of "teeth" that HIPAA privacy had.

The previous remarks are purely speculative in nature and are so not the opinion of my employer...

HIPAA may be applicable to banks that run lockbox services for hospitals or doctors. If
the bank takes remittances and merely forwards them to the hospital/doctor/clinic, there is no big HIPAA problem. If, however, the bank provides other services (keying in the remittance information and providing
it in electronic format to the biller, for example), then the privacy rule
will apply. The bank would be, in HIPAA terms, a "health care
clearinghouse".

When marketing HIPAA-covered products, you may want to avoid any reference to the product being "HIPAA compliant." If you think you must say something, say "we're HIPAA ready." There's so much uncharted territory within HIPAA even with the volumes of regs published already. Kind of reminds me of the early days of ADA.

------------------
Opinions expressed by this organic, non-digital compliance resource are its own, not those of its employer, and should not be construed as legal advice.