RFI Browser

Back  RFI # 1745: Credit Card data - 834 HIX

Formal vs. Informal Help Informal Formal

Submitter

Robert Reynolds

Description

The 834 transaction for Health Insurance Exchanges (5010X307) has two situational segments in Loop 2000 that support Credit/Debit Card data - 1) REF Credit/Debit Card Information and 2) DTP Credit Card Expiration Date. We are asking for clarification (or business case) with respect to the data in the segment REF Credit/Debit Card Number REF02 Reference Identifier (Credit Card Number) and REF04-02 Reference Identifier (Card Security Code) being permitted as the transfer and storage of Credit Card information in an EDI transaction, may cause a health plan to have issues if audited for Payment Card Industry Data Security Standards (PCI-DSS).

Submitter Assigned Keywords

Credit card 834 HIX

Response

The capability to transmit enrollee payment data was added to the X307 as the result of a request from health plans and upon confirmation that several states, intending to setup a state-based exchange, were able to share the data with issuers.

Entities using the transaction to transmit such data are responsible for adhering to other standards and regulations outside of the transaction. The TR3 has no purview over how senders and receivers of the data treat the data outside of the transaction itself.
Submission 2/5/2013
Status Date 7/12/2013
Status F - Final
Primary References
Document 005010X307
Section2.4
Page124
Table2
Loop2000