I hope you are correct, however, looking back at the history of the development in the FDA regulated industry, if HIPAA will take the same turn, , fines in FDA world may exceed 1 mil per day for some giant companies, so we could I guess just hope it will be done differently , but in 1996 people thought the same about 21 CFR Part 11,
regards,
Jacob Vishnevsky
Stelex-TVG
Two Greenwood Square, Suite 310
3331 Street Road
Bensalem, PA 19020
phone: (215) 352-1133
cell:(215) 421-8539
fax: (215) 638-9333
email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
-----Original Message-----
From: Marcallee Jackson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 10:15 AM
To: WEDI SNIP Testing Subworkgroup List
Subject: RE: The HIPAA Hoax
If HIPAA certification has been a hoax all along, it may quickly become
one of the most costly healthcare has experienced! Think of this, given
the pricing model of one of our vendors, if the following number of
entities has certified, the approximate fees for doing so would be over
$20,000,000 annually:
Physicians 10,000 certifiable entities $ 6,000,000
Hospitals 5,000 certifiable entities $12,000,000
Vendors 500 certifiable entities 3,000,000
TOTAL $21,000,000
And that would only be scratching the surface of the number of entities
that our paper recommends certify! 21 million dollars (and growing)
worth of waste in a system that is struggling for money is hard to laugh
at.
-----Original Message-----
From: John Singer [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 6:57 AM
To: WEDI SNIP Testing Subworkgroup List
Subject: The HIPAA Hoax
Rama,
I may have to disagree with you a little bit. Until someone can certify
third parties you cannot tell me that their tool is any better than
something developed internally. Some translators have EDI validation
built in and let's say they produce 98% compliant transactions, they
test with a third party who tool is 95% compliant, in effect they have
just lowered the quality of their validation because they changed their
intrepretation to agree with someone else's tool.
These discussions are almost laughable if they didn't have such serious
consequences to the covered entity. These EDI testing companies
basically gave everyone an easy way out to test compliance without any
guarantee on the backend. Send one file in and get certified, give me a
break. This is most likely caused by the fact that reviewing the bio's
of all the major EDI validation vendors, it is doubtful you will find
software testing or certification as part of their training or
expertise. They are software vendors plain and simple, trying to sell
product with no way to prove their software is any better than anyone
else's.
We should nominate this discussion thread as HIPAA's biggest hoax.
Roswell, crop circles, bigfoot and now we can add certification to the
list all at the expense of the most vulnerable segment - the covered
entity... shame on you. Best of luck to CMS trying to prove or disprove
compliance given these set of circumstances.
John Singer
Duluth, MN.
--
On Thu, 19 Dec 2002 02:25:22
John Carter wrote:
>Let me first say that our company will continue to use "Third-Party
>Certification" because it is a very useful TOOL for us. The only better
>possible tool would be an OPEN SOURCE application that can be used for
>testing/certification of transactions by everyone for free.
>
>You are correct when you say certifying a transaction is easy (when all
>you do is tweak your output). In our case, we made a point to create a
>cross section of all types of encounters from every provider on our
>network. We have been using "Third-Party Certification" for over a
year.
>We have "Certified" all of the approved transactions we create. We have
>also beta-tested and/or true-tested with several payers. In every case
I
>can create a file that will pass certification but will not be
>acceptable by the payers system. Two examples are (1) Bugs in the
>certifiers system and (2) Different interpretation of the IG (e.g.
>include '001' revcode or not). In both of these cases the only problem
>was that the "Third-Party Certification" was either wrong or had a
>different interpretation of the guides. Neither of the covered entities
>were wrong. You a correct in saying that what we call "certification"
>today doesn't really mean the interoperability it was proposed to
>foster.
>
>And now my point...
>Third-Party Certification is a useful TOOL. The relatively young IG's
>have too many problems for any certification to guarantee
>interoperability. My concern is that Third-Party Certification is being
>over hyped and the white papers related to it serve the business of
>Third-Party Certification more than the serve the health care industry
>at large. Moving too quickly to require more and more certification is
>great if you are in the certification business.
>
>John Carter
>[EMAIL PROTECTED]
>
>
>
>-----Original Message-----
>From: Marcallee Jackson [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, December 19, 2002 12:50 AM
>To: WEDI SNIP Testing Subworkgroup List
>Cc: 'WEDI SNIP Transactions Workgroup List'; 'WEDI Business Issues
>Subworkgroup List'
>Subject: NCQA Certifies Compliance SNIP Comes Up Short
>
>
>I think that the NCQA program for certification shows how much work we
>have in store for us here at WEDI-SNIP. To date, our testing and
>certification white paper focuses on a process that "certifies" TCS
>compliance based on a single isolated event. I maybe wrong, but I
don't
>think this is correct. The successful test of a single transaction
set
>could very well be meaningless in the big picture.
>
>For example, clearinghouses have been certifying transactions for
months
>now based on our recommendation to the industry that they do so. To
not
>certify with Claredi today would be near suicide for a clearinghouse.
>But has their certification moved the industry further toward
>compliance? Is it much more than costly PR fluff? When a
clearinghouse
>announces to its clients it has achieved certification, it does so in
>order to show compliance and put their client's minds at ease but
should
>it?
>
>A clearinghouse that is able to exchange standard transactions is not
>necessarily anywhere near compliance and neither are many/most of its
>customers! For a clearinghouse, testing and certifying a standard
>transaction is easy. It's getting the standard transaction or
>non-standard equivalent for translation from their client that's the
>hard part. If a clearinghouse hasn't validated they're ability to
>translate non-standard to standard for a wide range of provider types,
>they should not be "certified" as HIPAA compliant. But how often are
>covered entities told they should ask their clearinghouse if they are
>"certified"? How often are they told what that certification will
>really mean to them?
>
>A similar situation exists with vendors. Sure the vendor can test and
>show that at one point he was able to submit a file that passed a set
of
>edits but does that mean his users will achieve compliance? No. Even
>if the software is tested and proven to have the capability of handling
>standards, without the required data elements for a claim, a compliant
>837 is not possible. System remediation is only a part of the
>compliance effort. Operational remediation is also a must. In
addition,
>few systems being certified are capable of rejecting transactions or
>transaction sets that are not fully compliant. If the system cannot
>differentiate between a non-compliant inbound transaction and reject
it,
>and it accepts and processes non-compliant transactions, is it a HIPAA
>compliant system?
>
>So it's clear our paper doesn't suggest real certified compliance for
>these entities or their clients and we haven't even begun to look at
the
>compliance of the certifier. Who are these people to be certifying in
>the first place? What are their qualifications? What methodologies do
>they follow and who decided that theirs was the one that was right? If
>a provider tested and certified with one entity and later was found to
>be non-compliant, does that mean that all the entities certifying with
>that certifier now have questionable certification?
>
>When you look at the level of detail that goes into the NCQA
>certification process and really think through what is needed for TCS
>compliance, not just in terms of HIPAA compliance but in terms of
>compliance with other business requirements too (requirements that
would
>ensure interoperability for example), it is easy to see that we come up
>very short and have perhaps, unintentionally mislead the industry into
>believing that they got something from TCS certification that they did
>not, certification of HIPAA compliance.
>
>I think we need to stop and ask ourselves, does SNIP really have the
>time, resources and expertise to develop a proper HIPAA Transactions
and
>Code Sets Compliance Certification Program? Can we do it in the
>timeframe in which it needs to be done? Or is our goal really
something
>less than certification? Is it really validation? Webster's defines
>certification as 1. to attest as certain 2. to guarantee; endorse - but
>the one entity who has published its process of certification offers no
>guarantee and no warranty. Validate is defined as to make valid;
>substantiate. Substantiate is defined as to establish by proof or
>competent evidence. It seems pretty clear that our recommended
process
>for testing can only result in validation of testing compliance not
>certification of HIPAA TCS and Code Set compliance.
>
>I am new to the testing list. Maybe this whole issue was put to bed a
>long time ago. If it has, I apologize to the group but ask that we run
>through it one more time for the benefit of the newcomers. Why are we
>stuck on "certification"? What's wrong with "validation"? Seems to
me
>one of our vendors has already described for our list an excellent
>process for validation but the issue seems to be they call their
process
>certification. A rose by another name doesn't stink. Does validation
>bring less value to the industry? No, because validation brings the
>savings we have been talking about, shorter testing. Does
certification
>bring greater value to the industry, quite likely it does but I would
>submit that certification, as it is actually defined and as a
>methodology, has not been our real focus here to-date.
>
>I know there are people who have a great many years of experience in
>testing and certification looking at our process now and finding it
>lacking. I think these folks may have a pretty good case. I have seen
>a white paper derailed when one of our groups could not form consensus
>and a well articulated and perhaps valid argument was presented by a
>group similar to the one that is forming against our interpretation of
>certification. Can we afford to have our paper on testing derailed
>because of one word? Especially when it seems we have to bend the
>meaning of that word in order to make it fit?
>
>I encourage the group to ask themselves, are we listening? Are we open
>to contrary opinions and interpretations on this issue? How are we
>addressing them? Are we using some formal method to do so? I think we
>need to be careful to cross our t's and dot our i's because when an
>industry who thinks they paid for certification ends up only with
>validation, we could be the ones to blame.
>
>Marcallee Jackson
>Long Beach, CA
>562-438-6613
>
>P.S. Because this issue is so critical and for the benefit of other
>members, I have copied the Transaction and Business Issues lists. If
>you receive duplicate messages, please excuse the inconvenience.
>
>
>
>
>-----Original Message-----
>From: Miriam Paramore [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, December 18, 2002 3:48 PM
>To: WEDI SNIP Testing Subworkgroup List
>Subject: FW: Public Comment: NCQA Releases Draft Standards for Privacy
>Certification Program For Business Associates
>
>In a recent post during the discussion of certification, I mentioned
>this
>program that NCQA is doing. Notice they use the word "certification".
>Even
>though this is for Privacy, it shows that groups like WEDI are trying
to
>set
>the bar.
>
>Best Regards,
>
>Miriam J. Paramore
>President & CEO
>PCI: e-commerce for healthcare
>9001 Shelbyville Road
>iTRC Building
>Louisville, KY 40222
>502-429-8555
>www.hipaasurvival.com
>
>
>
>---
>The WEDI SNIP listserv to which you are subscribed is not moderated.
The
>discussions on this listserv therefore represent the views of the
>individual participants, and do not necessarily represent the views of
>the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
>official opinion, post your question to the WEDI SNIP Issues Database
at
>http://snip.wedi.org/tracking/. These listservs should not be used
for
>commercial marketing purposes or discussion of specific vendor products
>and services. They also are not intended to be used as a forum for
>personal disagreements or unprofessional communication at any time.
>
>You are currently subscribed to wedi-testing as: [EMAIL PROTECTED]
>To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
>http://subscribe.wedi.org or send a blank email to
>[EMAIL PROTECTED]
>If you need to unsubscribe but your current email address is not the
>same as the address subscribed to the list, please use the
>Subscribe/Unsubscribe form at http://subscribe.wedi.org
>
>
>
>---
>The WEDI SNIP listserv to which you are subscribed is not moderated.
The discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of
the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
official opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.
>
>You are currently subscribed to wedi-testing as: [EMAIL PROTECTED]
>To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
>If you need to unsubscribe but your current email address is not the
same as the address subscribed to the list, please use the
Subscribe/Unsubscribe form at http://subscribe.wedi.org
>
_____________________________________________________________
Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of
the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
official opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-testing as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the
same as the address subscribed to the list, please use the
Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-testing as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-testing as: [email protected]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
