Healthcare and Financial Leaders Collaborate on Industry White Paper

Document addresses strategies for financial institutions to overcome the inherent compliance challenges of the HITECH Act and HIPAA

FARMINGTON, Conn. – August 16, 2010 – The Electronic Healthcare Network Accreditation Commission (EHNAC), HIMSS Medical Banking Project, NACHA—The Electronic Payments Association, and the Workgroup for Electronic Data Interchange (WEDI), today released a white paper, “Compliance Guidelines for Financial Institutions in the Healthcare Sector: HITECH and the HIPAA Privacy and Security Rules.”

The Health Information Technology for Economic and Clinical Health (HITECH) Act directly affects today’s financial institutions and their services for the healthcare sector by modifying and amplifying existing data privacy and security rules for protected healthcare information under the Health Insurance Portability and Accountability Act (HIPAA). This white paper addresses those issues by assisting financial institutions in evaluating eligibility and building a compliance program.

Authors of the white paper included specialists in financial services, healthcare, regulatory compliance, and privacy and security from the four organizations and other key stakeholder participants. As an industry resource, the white paper covers the applicable regulations and their implications for financial institutions, in addition to the following guidelines:

  • HIPAA’s application and status
  • Internal reporting infrastructure
  • Risk analysis
  • Technology systems
  • Communications planning
  • Workforce training
  • Third-party compliance tool sets

“Banks, revenue cycle management firms, and other financial service firms that process protected health information must adhere to the HITECH Act’s strict and sometimes complex standards for privacy, security and processing,” says Lee Barrett, executive director of EHNAC. “EHNAC is proud to collaborate with these respected and influential industry stakeholders to provide better compliance education for those processing payments and other financial transactions in healthcare.”

Jim Schuping, executive vice president/CEO of WEDI adds: “This white paper will serve as an excellent education tool providing guidance to the financial services industry and other interested parties seeking strategies for compliance with the current HIPAA and HITECH Act’s requirements. WEDI is very pleased to be a participant in this industry partnership.”

“The release of this cross-industry-sponsored guide is both timely and necessary since, facilitated by the Affordable Care Act, the industry is now focused on transforming the business of healthcare from paper to electronic processes,” said John Casillas, senior vice president, HIMSS Medical Banking Project. “Banks, financial institutions and healthcare financial systems consider privacy and security a priority, but the guide will help clarify the impact of HIPAA and HITECH legislation on operations as we collectively pursue efficient electronic business processes in healthcare.”

“Financial institutions across the country have been and continue to play a significant role in providing services that help to streamline payment processes for their business customers in healthcare,” said Janet O. Estep, NACHA president and CEO. “NACHA welcomed the opportunity to participate in this dialogue and support the creation of a resource that will serve as a strong reference for those processing healthcare payments.”

The white paper builds on an earlier paper entitled “Financial Services Current State in Healthcare,” which addresses the current state of health data protection needs within the financial services industry.


The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include electronic health networks, payers, financial services firms, health information exchanges and e-prescribing solution providers. EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit or contact


HIMSS is a cause-based, not-for-profit organization exclusively focused on providing global leadership for the optimal use of information technology (IT) and management systems for the betterment of healthcare. Founded 50 years ago, HIMSS and its related organizations have offices in Chicago, Washington, DC, Brussels, Singapore, Leipzig, and other locations across the United States. HIMSS represents more than 30,000 individual members, of which two thirds work in healthcare provider, governmental and not-for-profit organizations. HIMSS also includes over 470 corporate members and more than 85 not-for-profit organizations that share our mission of transforming healthcare through the effective use of information technology and management systems. HIMSS frames and leads healthcare practices and public policy through its content expertise, professional development, and research initiatives designed to promote information and management systems’ contributions to improving the quality, safety, access, and cost-effectiveness of patient care. To learn more about HIMSS and to find out how to join us and our members in advancing our cause, please visit our website at

About NACHA—The Electronic Payments Association

NACHA supports the growth of the ACH Network by managing its development, administration, and governance. The ACH Network facilitates global commerce by serving as a safe, efficient, ubiquitous, and high-quality electronic payment system. NACHA represents nearly 11,000 financial institutions through 18 regional payments associations and direct membership. Through its industry councils and forums, NACHA brings together payments system stakeholder organizations to encourage the efficient utilization of the ACH Network and develop new ways to use the Network to benefit its diverse set of participants. Visit NACHA’s Healthcare Payments Resource Page for detailed healthcare-specific efforts. To learn more about the organization, visit,, and

About WEDI

Workgroup for Electronic Data Interchange is a non-profit healthcare association dedicated to promoting the standardization of healthcare data and data exchange. WEDI’s membership includes providers, payers, integrated delivery networks, vendors, consumers, government organizations and standards groups. WEDI helped to secure the passage of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, and was designated as an official Advisor to the Secretary in the legislation, acknowledging its influence and unique position in the healthcare industry. For additional information, visit