Rama, I may have to disagree with you a little bit. Until someone can certify third parties you cannot tell me that their tool is any better than something developed internally. Some translators have EDI validation built in and let's say they produce 98% compliant transactions, they test with a third party who tool is 95% compliant, in effect they have just lowered the quality of their validation because they changed their intrepretation to agree with someone else's tool.
These discussions are almost laughable if they didn't have such serious consequences to the covered entity. These EDI testing companies basically gave everyone an easy way out to test compliance without any guarantee on the backend. Send one file in and get certified, give me a break. This is most likely caused by the fact that reviewing the bio's of all the major EDI validation vendors, it is doubtful you will find software testing or certification as part of their training or expertise. They are software vendors plain and simple, trying to sell product with no way to prove their software is any better than anyone else's. We should nominate this discussion thread as HIPAA's biggest hoax. Roswell, crop circles, bigfoot and now we can add certification to the list all at the expense of the most vulnerable segment - the covered entity... shame on you. Best of luck to CMS trying to prove or disprove compliance given these set of circumstances. John Singer Duluth, MN. -- On Thu, 19 Dec 2002 02:25:22 John Carter wrote: >Let me first say that our company will continue to use "Third-Party >Certification" because it is a very useful TOOL for us. The only better >possible tool would be an OPEN SOURCE application that can be used for >testing/certification of transactions by everyone for free. > >You are correct when you say certifying a transaction is easy (when all >you do is tweak your output). In our case, we made a point to create a >cross section of all types of encounters from every provider on our >network. We have been using "Third-Party Certification" for over a year. >We have "Certified" all of the approved transactions we create. We have >also beta-tested and/or true-tested with several payers. In every case I >can create a file that will pass certification but will not be >acceptable by the payers system. Two examples are (1) Bugs in the >certifiers system and (2) Different interpretation of the IG (e.g. >include '001' revcode or not). In both of these cases the only problem >was that the "Third-Party Certification" was either wrong or had a >different interpretation of the guides. Neither of the covered entities >were wrong. You a correct in saying that what we call "certification" >today doesn't really mean the interoperability it was proposed to >foster. > >And now my point... >Third-Party Certification is a useful TOOL. The relatively young IG's >have too many problems for any certification to guarantee >interoperability. My concern is that Third-Party Certification is being >over hyped and the white papers related to it serve the business of >Third-Party Certification more than the serve the health care industry >at large. Moving too quickly to require more and more certification is >great if you are in the certification business. > >John Carter >[EMAIL PROTECTED] > > > >-----Original Message----- >From: Marcallee Jackson [mailto:[EMAIL PROTECTED]] >Sent: Thursday, December 19, 2002 12:50 AM >To: WEDI SNIP Testing Subworkgroup List >Cc: 'WEDI SNIP Transactions Workgroup List'; 'WEDI Business Issues >Subworkgroup List' >Subject: NCQA Certifies Compliance SNIP Comes Up Short > > >I think that the NCQA program for certification shows how much work we >have in store for us here at WEDI-SNIP. To date, our testing and >certification white paper focuses on a process that "certifies" TCS >compliance based on a single isolated event. I maybe wrong, but I don't >think this is correct. The successful test of a single transaction set >could very well be meaningless in the big picture. > >For example, clearinghouses have been certifying transactions for months >now based on our recommendation to the industry that they do so. To not >certify with Claredi today would be near suicide for a clearinghouse. >But has their certification moved the industry further toward >compliance? Is it much more than costly PR fluff? When a clearinghouse >announces to its clients it has achieved certification, it does so in >order to show compliance and put their client's minds at ease but should >it? > >A clearinghouse that is able to exchange standard transactions is not >necessarily anywhere near compliance and neither are many/most of its >customers! For a clearinghouse, testing and certifying a standard >transaction is easy. It's getting the standard transaction or >non-standard equivalent for translation from their client that's the >hard part. If a clearinghouse hasn't validated they're ability to >translate non-standard to standard for a wide range of provider types, >they should not be "certified" as HIPAA compliant. But how often are >covered entities told they should ask their clearinghouse if they are >"certified"? How often are they told what that certification will >really mean to them? > >A similar situation exists with vendors. Sure the vendor can test and >show that at one point he was able to submit a file that passed a set of >edits but does that mean his users will achieve compliance? No. Even >if the software is tested and proven to have the capability of handling >standards, without the required data elements for a claim, a compliant >837 is not possible. System remediation is only a part of the >compliance effort. Operational remediation is also a must. In addition, >few systems being certified are capable of rejecting transactions or >transaction sets that are not fully compliant. If the system cannot >differentiate between a non-compliant inbound transaction and reject it, >and it accepts and processes non-compliant transactions, is it a HIPAA >compliant system? > >So it's clear our paper doesn't suggest real certified compliance for >these entities or their clients and we haven't even begun to look at the >compliance of the certifier. Who are these people to be certifying in >the first place? What are their qualifications? What methodologies do >they follow and who decided that theirs was the one that was right? If >a provider tested and certified with one entity and later was found to >be non-compliant, does that mean that all the entities certifying with >that certifier now have questionable certification? > >When you look at the level of detail that goes into the NCQA >certification process and really think through what is needed for TCS >compliance, not just in terms of HIPAA compliance but in terms of >compliance with other business requirements too (requirements that would >ensure interoperability for example), it is easy to see that we come up >very short and have perhaps, unintentionally mislead the industry into >believing that they got something from TCS certification that they did >not, certification of HIPAA compliance. > >I think we need to stop and ask ourselves, does SNIP really have the >time, resources and expertise to develop a proper HIPAA Transactions and >Code Sets Compliance Certification Program? Can we do it in the >timeframe in which it needs to be done? Or is our goal really something >less than certification? Is it really validation? Webster's defines >certification as 1. to attest as certain 2. to guarantee; endorse - but >the one entity who has published its process of certification offers no >guarantee and no warranty. Validate is defined as to make valid; >substantiate. Substantiate is defined as to establish by proof or >competent evidence. It seems pretty clear that our recommended process >for testing can only result in validation of testing compliance not >certification of HIPAA TCS and Code Set compliance. > >I am new to the testing list. Maybe this whole issue was put to bed a >long time ago. If it has, I apologize to the group but ask that we run >through it one more time for the benefit of the newcomers. Why are we >stuck on "certification"? What's wrong with "validation"? Seems to me >one of our vendors has already described for our list an excellent >process for validation but the issue seems to be they call their process >certification. A rose by another name doesn't stink. Does validation >bring less value to the industry? No, because validation brings the >savings we have been talking about, shorter testing. Does certification >bring greater value to the industry, quite likely it does but I would >submit that certification, as it is actually defined and as a >methodology, has not been our real focus here to-date. > >I know there are people who have a great many years of experience in >testing and certification looking at our process now and finding it >lacking. I think these folks may have a pretty good case. I have seen >a white paper derailed when one of our groups could not form consensus >and a well articulated and perhaps valid argument was presented by a >group similar to the one that is forming against our interpretation of >certification. Can we afford to have our paper on testing derailed >because of one word? Especially when it seems we have to bend the >meaning of that word in order to make it fit? > >I encourage the group to ask themselves, are we listening? Are we open >to contrary opinions and interpretations on this issue? How are we >addressing them? Are we using some formal method to do so? I think we >need to be careful to cross our t's and dot our i's because when an >industry who thinks they paid for certification ends up only with >validation, we could be the ones to blame. > >Marcallee Jackson >Long Beach, CA >562-438-6613 > >P.S. Because this issue is so critical and for the benefit of other >members, I have copied the Transaction and Business Issues lists. If >you receive duplicate messages, please excuse the inconvenience. > > > > >-----Original Message----- >From: Miriam Paramore [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, December 18, 2002 3:48 PM >To: WEDI SNIP Testing Subworkgroup List >Subject: FW: Public Comment: NCQA Releases Draft Standards for Privacy >Certification Program For Business Associates > >In a recent post during the discussion of certification, I mentioned >this >program that NCQA is doing. Notice they use the word "certification". >Even >though this is for Privacy, it shows that groups like WEDI are trying to >set >the bar. > >Best Regards, > >Miriam J. Paramore >President & CEO >PCI: e-commerce for healthcare >9001 Shelbyville Road >iTRC Building >Louisville, KY 40222 >502-429-8555 >www.hipaasurvival.com > > > >--- >The WEDI SNIP listserv to which you are subscribed is not moderated. The >discussions on this listserv therefore represent the views of the >individual participants, and do not necessarily represent the views of >the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an >official opinion, post your question to the WEDI SNIP Issues Database at >http://snip.wedi.org/tracking/. These listservs should not be used for >commercial marketing purposes or discussion of specific vendor products >and services. They also are not intended to be used as a forum for >personal disagreements or unprofessional communication at any time. > >You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] >To unsubscribe from this list, go to the Subscribe/Unsubscribe form at >http://subscribe.wedi.org or send a blank email to >[EMAIL PROTECTED] >If you need to unsubscribe but your current email address is not the >same as the address subscribed to the list, please use the >Subscribe/Unsubscribe form at http://subscribe.wedi.org > > > >--- >The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions >on this listserv therefore represent the views of the individual participants, and do >not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If >you wish to receive an official opinion, post your question to the WEDI SNIP Issues >Database at http://snip.wedi.org/tracking/. These listservs should not be used for >commercial marketing purposes or discussion of specific vendor products and services. > They also are not intended to be used as a forum for personal disagreements or >unprofessional communication at any time. > >You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] >To unsubscribe from this list, go to the Subscribe/Unsubscribe form at >http://subscribe.wedi.org or send a blank email to >[EMAIL PROTECTED] >If you need to unsubscribe but your current email address is not the same as the >address subscribed to the list, please use the Subscribe/Unsubscribe form at >http://subscribe.wedi.org > _____________________________________________________________ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-testing as: [email protected] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
