HIPAA regulations may have a significant impact upon banking operations. Following are the answers to questions most frequently asked by ODFI's (Originating Depository Financial Institutions) and RDFI's (Receiving Depository Financial Institutions).
- Yes, because it contains no protected health information. The protected health information contained in the electronic remittance advice portion of the transaction is not necessary either to conduct the funds transfer or to forward the transactions.
- The standards for Privacy of Individually Identifiable Health Information; Final Rule; 45 CFR; Section 164.501 (page 82496), state: "a covered entity may not disclose the protected health information (remittance advice) to a financial institution for these purposes [electronic funds transfer]. A covered entity may transmit the portions of the transactions containing protected health information through a financial institution if the protected health information is encrypted so it can be read only by the intended recipient [Healthcare Providers (835) or Health Plans (820)]. In such cases, no protected health information is disclosed and the financial institution is acting solely as a conduit for individually identifiable data."