[Med-privacy] med-privacy and the "ERA"

pmarshall pwm@comcast.net
Thu, 18 Sep 2003 14:24:24 +0000 

======================================================================
 EPIC Joins Coalition to Urge Protection of Health Info
======================================================================

EPIC, the Health Privacy Project and 28 other health care advocacy,
labor, consumer, disability rights, and health care provider groups
sent a letter to Health and Human Services Secretary Tommy Thompson
urging him to affirm that protected health information sent through
the banking network must be accessible only to providers and health
plans for whom it is intended.  Financial institutions have expressed
interest in data mining electronic transactions that flow through the
banking system in order to gain information for use in marketing and
credit risk evaluation.  Once banks gain this information through data
mining, they can use and share it without limitation.

The transaction at issue is the Electronic Remittance Advice (ERA).
The ERA standard adopted by the Department of Health and Human
Services permits electronic funds transfer instructions and the ERA to
be sent within a single transaction.  Instructions for electronic
funds transfer contain no protected health information, but the ERA
does. The Preamble to the Privacy Rule makes it clear that the
receiving bank is the intended recipient of the electronic funds
transfer instructions and a provider or health plan is the intended
recipient of the ERA.  The Preamble further states that the protected
health information in the ERA is not necessary for the performance of
the funds transfer function by banks and that covered entities may not
disclose protected health information to banks for this purpose.

The banking industry has been asking the Office for Civil Rights to
revise or retract this earlier guidance, claiming that the ERA is part
of the payment function performed by banks.  Organizations that signed
the letter to Secretary Thompson relied on the Preamble and
legislative history to urge the Department to affirm the position it
took in the Preamble to the Privacy Rule.

View the letter sent by the coalition:

     http://www.epic.org/privacy/medical/hhsletter.pdf

View EPIC's Medical Privacy Page:

     http://www.epic.org/privacy/medical