Healthcare providers, billing agencies, and other healthcare organizations may securely use Stax to process payments.
Note: The terms with an * next to them are explained at the end of the article. Select each term at the end for their related source.
The US Department of Health and Human Services (HHS) has a specific list of the types of organizations which are considered Business Associates* to Covered Entities.* Financial institutions like Stax are explicitly exempt from being required to enter into Business Associate Agreements (BAA).* Covered Entities are encouraged to follow their policies and procedures for entering information into financial platforms.
Below is the exemption from HHS for financial institutions.
Other Situations in Which a Business Associate Contract Is NOT Required:
When a financial institution processes consumer-conducted financial transactions by debit, credit, or other payment card, clears checks, initiates or processes electronic funds transfers, or conducts any other activity that directly facilitates or effects the transfer of funds for payment for health care or health plan premiums. When it conducts these activities, the financial institution is providing its normal banking or other financial transaction services to its customers; it is not performing a function or activity for, or on behalf of, the covered entity.
For more information on Health Information Privacy for Business associates go here.
*What is a "Business Associate (BA)?” A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.
*What is a "Covered Entity (CE)?” Health plans, Health care clearinghouses and Health care providers, these entities (collectively called “covered entities”) are bound by the privacy standards even if they contract with others (called “business associates”) to perform some of their essential functions.
*What is a "Business Associate Agreement (BAA)?” A written contract between a covered entity and a business associate in accordance with HIPAA guidelines.