HIPAA may be applicable to banks that run lockbox services for hospitals or doctors. If
the bank takes remittances and merely forwards them to the hospital/doctor/clinic, there is no big HIPAA problem. If, however, the bank provides other services (keying in the remittance information and providing
it in electronic format to the biller, for example), then the privacy rule
will apply. The bank would be, in HIPAA terms, a "health care
clearinghouse".
_________________________
...but I saved a lot on my auto insurance