Blurred Lines: When HIPAA, HITECH, FinReg and Medical Financing Collide

ghy78jknm.jpg

In the Internet Age, the medical lending industry has changed greatly due to the proliferation of financial technology, which increased safety and security of both transactions and patient information. Companies are disrupting a multibillion-dollar industry by allowing patients to obtain funding for their care providers and treatments of choice, including cosmetic surgery financing, which is one of the top requests from prospective patients. They also work to educate patients on their rights and responsibilities under the law, and ensure patients have access to all the legal and financial information they need to make suitable decisions about their healthcare. 

However, the ever-changing nature of technology and the often-precarious regulatory landscape means patient-facing providers often occupy a treacherous middle ground between patient privacy, effective healthcare and oversight regulation. The lines are often confusing or contradictory, forcing these companies to think six moves ahead of current regulation to help ensure they stay current on the regulations impacting their niche market without sacrificing patient care. 

In 1996, the Health Insurance Portability and Accountability Act, or HIPAA, was created to meet the challenges of maintaining patients’ rights to privacy and confidentiality concerning their healthcare in the burgeoning Internet age. One of the key exemptions in HIPAA affected the financial sector in Section 1179, which reads:

To the extent that an entity is engaged in the activities of a financial institution, or is engaged in authorizing, processing, clearing, settling, billing, transferring or collecting payments for a financial institution, then the HIPAA statute and the accompanying rules do not apply.

In 2012, the Health Information Technology for Economic and Clinical Health Act, or HITECH, was passed, tightening restrictions and regulations for companies dealing partially or wholly in patient healthcare, as well as enhancing the obligation of these companies to ensure the protection of the individual consumer information generated by same to the maximum possible extent. Under HITECH, the exemptions in HIPAA for financial-side companies providing payment or funding to healthcare-side entities for individual patient treatments were tightened almost into nonexistence. This meant finance companies which had previously relied on the Section 1179 exemption no longer had that cushion between HIPAA requirements and their daily operations, and incurred the same obligations toward private medical information as healthcare providers, medical staff and support personnel.  

However, government officials and advisory panels have often noted technology is far outstripping the ability to regulate it. Legislation intended to safeguard consumers from the unknown consequences of updated technology is frequently obsolete before it’s ever deployed due to the rapid pace of innovation. Because regulation tends to lag years behind emerging tech, regulators find themselves in a binary position of either being forced to embrace reckless action which risks stifling competition and innovation without having adequate access to the information required to make informed policy decisions, or a paralytic scheme in which nothing is regulated to the detriment of the consumer. These issues are only magnified by conflicting or competing legislation which spans multiple disciplines, such as the healthcare credit industry.

The educational sector has produced a blizzard of white papers, policy analyses and speculatory pieces concerning this paradox between the rapid pace of innovation and the relative crawl at which regulation can consider new technology and privacy paradigms. Scholars in the fields of law, medicine, public policy and technology have all considered how their fields are intertwined and what may come next, and the inescapable consensus is that regardless of what it will be or what it will look like, policymakers will almost certainly not be ready.

Healthcare lending companies and brokerages live in the battleground between these disciplines. They also exist in a state of constant government and civilian watchdog scrutiny as they navigate a spaghetti bowl of regulations and statutes which contradict, negate and enhance each other, often in unexpected ways. As a result, they have adopted ongoing patient confidentiality and protection protocols which meet or exceed the existing regulatory requirements and often go far beyond them, in a bid to ensure they are and remain compliant with evolving regulation for years to come. For patients, this means they can shop with confidence, knowing whatever regulatory hurdles may come in the future, their information will be protected.

Leave a Reply

Your email address will not be published. Required fields are marked *