January 7, 2009, 8:07 AM

The Gold Seal Standard

[To be launched December 2008. Please return here for further updates! - MBProject Staff ]

Welcome to the new Gold Seal Accreditation Program! MBProject's Gold Seal sets a new standard for the banking and financial services industry in the critical area of data privacy and security. MBProject has a 15 year history in convening, facilitating and defining critical issues in the convergence of healthcare and banking systems, with a special focus on the development of data protection and compliance policy within the cross-over domain of medical banking. Our work forms the basis for this exciting new designation for medical banking constituencies.

The Gold Seal Standard assures customers that they are receiving services that have been recognized as meeting the highest standards of data privacy and security compliance mandated under banking and healthcare regulations, including HIPAA. Service areas that may achieve a Gold Seal include:

- Bank-based electronic health data transaction services
- New lockbox programs that offer health data management programs
- New credit/debit card programs that link banking and healthcare systems

- Banks/FIs that offer electronic and/or personal healthcare records
- Banks that offer account-based healthcare plans (HSAs)
- New healthcare ERA/EFT service areas
- Specialized healthcare lending programs
- Medical statement/print centers

- Other service areas that combine banking and healthcare systems

Benefits to organizations that are awarded the Gold Seal status include:

  • Ensure appropriate controls are in place so that individuals using medical banking services can be assured of confidentiality, privacy and security of their data.
  • Complement or supplement an internal evaluation of compliance with privacy regulations.
  • Identify any gaps in an existing compliance process and policy and as a byproduct, highlight areas for effective remediation.
  • Demonstrate and document organizational due diligence in the event of legal or regulatory investigation that may result from a security breech.
  • Provide an independent assessment of compliance with relevant rules and regulations, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and related operational privacy and security standards using a common set of best practices criteria.
  • Provide a level of accreditation that is appropriate and cost effective for organizations that are classified as business associates, covered entities or both, under HIPAA.
  • Assist in market acceptance and credibility of new and evolving medical banking solutions through an independent “Gold Seal” that emphasizes protection of individually identifiable health information.
  • Promote market confidence in medical banking programs through public and government acceptance of a Medical Banking “Gold Seal Standard”. Provide an accepted and acknowledged alternative to regulatory oversight.
  • Reduce the corporate risk of investing in healthcare programs by assuring that such programs meet accepted industry requirements for privacy and security of health data.
  • Convey competitive advantage and/or common ground among medical banking organizations that have access to or use individually identifiable health data in the services they perform for the marketplace.

Background

MBProject has worked for over a decade to define and document the convergence of banking and healthcare systems. MBProject first recognized the need for an accreditation program in 1996 that is specifically focused on the health data privacy and security risks related to medical banking constituencies. MBProject convenes banks, financial services organizations, government, consumers groups and academic organizations to facilitate medical banking in the marketplace to foster thought leadership, research and documentation, create learning and networking forums that facilitate new industry partnerships in medical banking and facilitates the use of demonstration and pilot programs to inform our national process.

Development of the MBProject Gold Seal

As the market progressively moves from a paper-based to digital economy, privacy and security concerns have garnered increasing public attention. It is vital to all interests that organizations that manage and access sensitive information can maintain the highest standard of public trust.

Based on this need, MBProject sought to create an accreditation program by convening a new Accreditation Review Council (ARC). The Council, over a period of 15 months, assessed relevant banking and healthcare regulations, privacy and security frameworks (such as CoBiT, NIST, ISO), as well as the current landscape of accreditation programs. The Council evaluated a wide range of issues, inviting outside groups for comments and insight, before building a common set of medical banking standards in this key area. The resulting criteria are responsive to the regulatory, legislative and general privacy and security climate today. The ongoing efforts of ARC will assure that these criteria continue to evolve as new risk areas are identified.

>> See Members in Good Standing

ARC obtains the input of government, consumer and industry representatives as well as technical experts, to ensure the criteria are sound, consistent with relevant rules and regulations and based on best practices. Recent areas of focus for the Gold Seal criteria are referenced below. We invite industry and consumer feedback at info@mbproject.org.

>> See Gold Seal Criteria (coming soon)

Organizations seeking the Gold Seal must carefully inventory their safeguards. We use an innovative, self-explanatory web-based portal that permits applicants to effectively obtain detailed input from their domain and subject matter experts. Finally, an independent Public Trust Advisory Board vote whether to award the Gold Seal status to applicants that meet the accreditation standards.

>> See Public Trust Advisory Board (coming soon)


The Process

The Gold Seal program provides three core reports that outline risks, results, controls and a gap assessment for each Standards Module assessed for the applicant organization. Other reports and documents may also be provided based on the needs and preferences of the organization.

>> See Gold Seal 12-step Process (coming soon)

The Gold Seal program uses three risk categories, with ranges within those categories, to define the risks and readiness of the organization's privacy and security practices. The administration of this phase is completed by MBProject staff.

After the Project’s review, results are placed before a new Public Trust Advisory Board for a vote. This board is currently under development, however, it will represent consumers, employers, providers and plans. No banking or financial services organizations, or healthcare IT firms will be part of the new Board. The Public Trust Advisory Board is charged with reviewing the score, (de-identified as to organization), and casting a vote for or against the applicant. A negative result will be accompanied with a description of the areas in need of improvement. A positive result will yield the Gold Seal status.
More on Membership
Membership Benefits
A Medical Banking Road Map for America

Related Information
Workgroups & Initiatives
Online Directory
Facilitating the Medical Banking Industry

 

 
© Copyright 2001-2009 MBProject | Legal Notice | 1.615.794.2009 | info@mbproject.org