Rachel said that COTs (or, really, COTAs - Chain of Trust Agreements) are really out of scope since they actually pertain to the Security NPRM. And besides, they are agreements between business associates themselves, and between BAs and covered entities (payers, providers and Clearinghouses). I'm guessing a COTA would not be required directly between a payer and a provider (or payer and a CH) since, as covered entities, they are all required to be careful with protected health information. Everybody else coming into contact with PHI can freely disseminate it to the wind, unless otherwise covered by a COTA! When I said COTAs were transitive, I just meant that there was no need to have a COTA between A and C, using B as an intermediary, if there were already a COTA between A and B, and another one between C and B (I'm assuming COTAs are also associative).
A Trading Partner Agreement, on the other hand, is by definition *between* trading partners - the "end points" - i.e., a payer and a provider, a payer and a bank, an employer and a payer, etc. But I suppose TPAs could be (somewhat) "transitive" too: maybe a CH could say if you sign up with us, you agree to certain common criteria and remedies, and to use the standard WEDi/SNIP Electronic Trading Partner Agreement accessible through Kepa's DNS "directory." The only signed contract (strictly speaking, not a "TPA") in this case would be between the CH and its customer (the payer, provider or yet another CH). This is the same "transitive" model used in the credit card business: I have (1) a signed agreement with my bank, and (2) my bank has a "member" agreement with VISA, (3) likewise, my merchant's bank has a "member" agreement with VISA, and (4) the merchant's bank has an agreement with the merchant himself. Add in some law, like Regs. E and Z, and you have an efficient system that obviates any need for a separate agreement between me and every merchant with whom I use my VISA card. William J. Kammerer Novannet, LLC. +1 (614) 487-0320 ----- Original Message ----- From: "Ronald Bowron" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, 20 February, 2002 10:32 AM Subject: Re: Electronic Trading Partner Agreements William, I agree with your assessment that manual TPA's would render any automated routing methodology moot. I had previously raised the question as to why the TPA cannot be transitive like the COT? Better yet, why not combine the COT with the TPA? Then the COT/TPA assumes the Payer trusts the Clearinghouse or Repricer to ensure the validity of the Provider (Each CE carries the trust from the previous entity). Not being a legal person, I don't know if this would be advisable or not. There are Provider Credentialing services out there that will substantiate the licensing of an individual provider, as well. I believe the infrastructure exists today, although it is not coupled with the electronic transaction processing, and most likely not well supported by the electronic processing systems. If we could define the methodology for verifying the identity of a CE as part of the TPA process, then the TPA may be able to be automated. I've always advocated, if a manual processing works then consider automation. If it's broken and you automate - you exacerbate the problem 10,000 times more often. So, is the current manual TPA process working well enough that it is possible to introduce automation and standards? Have any of the larger payers moved to a Web Based TPA process? Would a notary model like Thawte (www.thawte.com) is using for certificates be acceptable, or overly complicated? So many questions, so little time. I believe Kepa has the appropriate approach to solving the lower level routing issues, but now we need to walk that back into the business process level and see what falls apart. If business requirements dictate a TPA between CE's before routing can occur, then we must address how TPA's can support our efforts to automate routing. Regards, Ronald Bowron
