Chris, I understand where you are going with this but I think you may be mixing apples and oranges. JCAHO Accreditation does have real meaning and the threat of losing accreditation does have real world implications. It is the recognized standard for healthcare quality and patient safety.
Under the proposed security rule there is something called self certification which is maybe where the privacy certification will lead. There probably needs to be something like ISO9000 in the healthcare vertical to have industry accepted standards for privacy and security. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 425-260-5030 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 4:49 PM To: WEDI SNIP Testing Subworkgroup List Subject: RE: FW: Public Comment: NCQA Releases Draft Standards for Privacy Certification Program For Business Associates Respected colleauges: (I am not clear if this a conversational thread on the topic and if it is proper that I respond with comments here. If not, please let me know and beg your indulgence.) I am concerned how a provider discerns between what ClarEDI certifcation, Mercator certified, ENHAC certified, Microsoft certified, NCQA certification, JCAHO...etc... truly means? An uninformed provider can, does and will pay a higher price for a "certified" system/covered entity. Clearly, not the intent of HIPAA, but a true blue, time tested, economic phenomonon. At some point, all the alphabet soup of certifications loses signifiance to the very people it was intended to help make an informed choices. I think Privacy "certifcation" is uncessary because a federal statue now exists that holds culpable covered entities criminally for their actions. Ergo, covered entities and vendors are accountable at the most fundemental of levels, their businesses are at significant risk. I certainly don't want to be the test case for enforcement. In contrast,certification of for security and transaction standards are tangible in value to the both vendor and covered entity. They provide some defined (debateable, I know) benchmark that the vendor/covered entity took steps to bring their systems and practices in line with a "standard". They go beyond policy and procedure. Security technology is deployed or it isn't. Each certification holds each coverd entity to having to meet a minimum level. These standards have been evolving for years and are widely adopted and accepted in other industries. The transactions are transmited in the standard format, or they are rejected. (I know that's simplistic) I welcome a alternate point of view. With best regards and warmest holiday blessings and wishes for all who read this. Chris Brancato Compliance Officer Director-Development/Product Management Health Data Services Suite 3a 503 Faulconer Drive Charlottesville, VA 22903 434-817-9000 Original Message: ----------------- From: Miriam Paramore [EMAIL PROTECTED] Date: Wed, 18 Dec 2002 18:47:51 -0500 To: [EMAIL PROTECTED] Subject: FW: Public Comment: NCQA Releases Draft Standards for Privacy Certification Program For Business Associates In a recent post during the discussion of certification, I mentioned this program that NCQA is doing. Notice they use the word "certification". Even though this is for Privacy, it shows that groups like WEDI are trying to set the bar. Best Regards, Miriam J. Paramore President & CEO PCI: e-commerce for healthcare 9001 Shelbyville Road iTRC Building Louisville, KY 40222 502-429-8555 www.hipaasurvival.com =========================================== This email contains confidential information intended only for the named addressee(s). Any use, distribution, copying or disclosure by any other person is strictly prohibited. -----Original Message----- From: PCBAPUBCOM [mailto:[EMAIL PROTECTED]] Sent: Monday, December 16, 2002 4:51 PM Subject: Public Comment: NCQA Releases Draft Standards for Privacy Certification Program For Business Associates > NCQA is pleased to release its new Privacy Certification for Business > Associates evaluation program for a 45-day public comment period and > invites your comments and suggestions. The draft requirements were posted > on NCQA's Web site, www.ncqa.org, on December 16, and they will be > available through the conclusion of the public comment period on January > 31. > > With the compliance deadline for new Health Insurance Portability and > Accountability Act (HIPAA)-mandated privacy regulations rapidly > approaching, business associates will want to ensure their privacy > practices are in line with the tough new privacy standards. > > Privacy Certification standards closely track with the final HIPAA privacy > regulations. Specific requirements relate to: > > * Privacy protections for oral, written and electronic PHI > * Processes and practices for the storage, use and disclosure of PHI > * Employee training on PHI protections > * Consumer access to PHI > * Contracts between covered entities and their business associates > * Protection of PHI by business associate subcontractors and agents. > > > Please take this opportunity to offer your insights, and help shape NCQA's > new Privacy Certification program! > > Public Comment: December 16, 2002 -January 31, 2003 > > > --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-testing as: [email protected] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
