FSAP has positioned EHNAC as a nationally recognized accreditation authority for financial institutions and vendors who process protected health information, manage insurance payments, or provide revenue cycle management services. FSAP ensures that your organization follows HIPAA security and privacy rules, supports ASC X12N 835 for electronic remittance advice transactions, and meets a range of criteria applicable specifically to financial electronic health networks. FSAP-accreditation assures your customers that their business partner follows industry-established standards for processing payment and other transactions involving protected health information.
EHNAC evaluates each FSAP applicant against sixteen financial criteria and three criteria that apply exclusively to financial and banking electronic health networks. Organizations are evaluated on technical requirements, timeliness of transactions, customer service, system availability, capacity, storage and retrieval, and other factors.
To review why it is critical for financial organizations to evaluate risk and implement proper controls with respect to healthcare data, see the “Compliance Guidelines for Financial Institutions in the Healthcare Sector: HITECH and the HIPAA Privacy and Security Rules” white paper published jointly by EHNAC, the Workgroup for Electronic Data Interchange (WEDI), Healthcare Information and Management Systems Society (HIMSS) Medical Banking Project, and The Electronic Payments Association (NACHA).
Because we recognize the unique needs of this market niche, EHNAC offers two types of FSAP Accreditation to more closely match your situation.
FSAP-EHN demonstrates that an organization meets a high standard of quality in handling protected health information as well as ensuring that it follows industry-established criteria for processing payments and other financial transactions. Some highlights of the criteria include:
- HNAP-EHN criteria with enhancements appropriate for the financial services industry
- Additional criteria to ensure the accredited organization’s general IT controls are more comprehensive to assist in the preparation of other audits, such as SSAE 16 (formerly SAS 70) or Sarbanes-Oxley16
FSAP-Lockbox differs from the other EHNAC programs in that certain performance metrics are modified or not included. For instance, a lockbox operation does not receive standards-based transactions. Also, specific document handling and delivery criteria are unique to this program.
Both of the FSAP programs:
- Reduce risk to PHI and operations through the demonstration of a risk management program with effective controls that appropriately minimize threats.
- Prepare your organization for third party audits including HIPAA/HITECH compliance audits that are now being conducted for the Office of Civil Rights (OCR); trading partner audits (some payers require EHNAC accreditation as a condition of processing their transactions); and state compliance (EHNAC accreditation is required for processing healthcare transactions in the states of Maryland and New Jersey).
- Enhance trust for your customers, trading partners, and other stakeholders.
Here’s what a couple FSAP-accredited organizations recently said about the program:
-Chris Seib, Chief Technology Officer and Co-Founder InstaMed
– Jeff Troutman, Executive Vice President PNC Healthcare