FSA-Linked Debit Cards Get a Pass on HIPAA

Issuers of debit cards tied to flexible-spending accounts may be breathing a sigh of relief now that the Centers for Medicare & Medicaid Services (CMS) unit of the federal Department of Health & Human Services has sent a letter to a marketer of one such card exempting its product from the electronic data interchange requirements in the 7-year-old Health Insurance Portability and Accountability Act (HIPAA). In the Oct. 2 letter to Avon, Conn.-based Evolution Benefits Inc., the CMS says “the beneficiary’s use of the FSA debit card for payment of out-of-pocket expenses at a pharmacy or provider’s office is comparable to a beneficiary’s payment to a health care provider using a conventional credit card.” The agency further says “this is because it is considered a transaction between the beneficiary and a provider, not a health plan and a provider.” Evolution Benefits, which today released the CMS letter, markets a 2-year-old FSA-linked, MasterCard-branded debit product called the Benny Card. Its argument to the CMS was that such cards should be exempt from the HIPAA EDI rules because the cards represent a relationship between consumers and merchants, as with other credit and debit card transactions, not between consumers or providers and insurers, as with conventional claims transactions. The company says that the EDI rules would have imposed substantial cost and administrative burdens on benefits managers without benefit to cardholders. Generally, the HIPAA EDI rules cover transmission of claims data, such as diagnostic codes, from providers to insurers; eligibility requests from providers to insurers; and transmission of payment data, such as explanation of benefit statements, from insurers to providers._x000D_