Fact 1: Almost all (if not all) of
the currently mandated HIPAA EDI transactions contain protected health
information
Fact 2: Today's business model
supports and enables protected health information to be stored redundantly by
many intermediaries between a health care provider and payer at substantial
cost
Fact 3: It is highly probable that
today's business model will continue for a substantial period of time unchanged
following the HIPAA drop-dead compliance dates for either or all of privacy,
security, EDI
Fact 4: Data at rest is
substantially more vulnerable to
disclosure/access than data in transit...regardless of whether the data at
rest is in a secured or unsecured environment
Fact 5: HIPAA requires the
implementation of appropriate safeguards for protected health information -
today and tomorrow
Question: Given these facts,
how does one evaluate the effort of this group to developing a series of
working papers on the topics of identifiers, addresses and delivery
channels, elements of the Healthcare Collaboration-Protocol Profile
(CPP), discovery of Healthcare CPPs via a Registry, address, solve or
mitigate any of the issues and/or problems inherent in the current business
model which I believe can reliably be predicted to continue for a substantial
period of time into the future surrounding the electronic exchange of health
information?
Comments: It seems to me that this is
a highly visionary model (one which has not yet been implemented in any other
industry to date) only serves to add further complexity and confusion to an
already highly complex and confused industry. There are solutions already
commercially available and affordable that address these issues. So please, I'd
appreciate some succinct words of explanation that one could use when talking to
industry participants about how identifiers, addresses and delivery
channels, elements of the Healthcare Collaboration-Protocol Profile
(CPP), discovery of Healthcare CPPs via a Registry help any one or all of
them implement an EDI capability that enables compliance with HIPAA by either
April 14, 2003 (privacy....and security), October 16, 2002, or testing by April,
2003, and full implementation by October 16, 3003.
Rachel
Foerster
Principal
Rachel Foerster & Associates, Ltd.
Professionals
in EDI & Electronic Commerce
39432 North Avenue
Beach Park, IL
60099
Phone: 847-872-8070
Fax: 847-872-6860
http://www.rfa-edi.com
