Skip: It is difficult for me to see why your posting is dissimilar to some of the other of the mudslingers; while attempting to take the high road, you suggest ulterior motives to those that take issue with the world as it exists today and pat your own guys on the back (albeit deservedly!). That said, I am really glad you wrote your thoughts and I can imagine that you get a little miffed at the cheap shots. All of us are a bit tired of it honestly, and having to keep our heads down to avoid getting slammed.
Your conclusions about why the white paper were 'watered-down' are not quite accurate, in my opinion. It wasn't due to other vendors unwillingness to explicitly state certification definitions. Many viewpoints were expressed regarding certification, but most didn't carry over into the Whitepaper, and again, in my opinion, appeared weighted toward the position of your company. I don't want to rehash this issue, but I have a long email thread that I could share with you if you like. I personally care little about past mistakes, motives of the players, finger-pointing or the like. What we all are agreeing on is to move forward in an honest, open manner and get this thing back on track. A significant point I would like to raise for further discussion, one that I hope will be taken up by a committee within the Testing Sub workgroup: Is it WEDI's position and recommendation that each vendor define "what certification means to them" or is the true value of certification found when it is standardized and vendor-agnostic? I have seen it attempted both ways. After being involved in the QA/Testing and Certification profession for over a decade in across a wide variety of industries, I have come to appreciate the beauty and necessity of the latter approach. I have some very straightforward recommendations how this could be accomplished, quickly and at minimal expense. I am hoping that the Testing sub workgroup will soon be able to take this up in earnest again and remedy any current shortcomings and happy to assist in whatever way I can. Thanks. Michael DeRoche HIPAA Testing, Inc 602.738.3351 direct 480.946.7200 office 866.447.2283 toll-free 877.825.8309 fax HIPAA Testing, Inc www.hipaatesting.com <http://www.hipaatesting.com/> "Advanced Testing and Certification Solutions" CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message -----Original Message----- From: Skip McKinstry [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 11:42 AM To: WEDI SNIP Testing Subworkgroup List Subject: Re: The HIPAA Hoax This message contains three things: First, I am going to vent a little about the level of noise and the absurd animosities I have seen exhibited by some on this list. Second, I am going to reiterate a few things regarding Claredi positions that I think have been very often misrepresented, intentionally or otherwise. Third, despite the fact that I do not participate in the Testing white paper workgroup (Claredi is already well-represented) I have a modest proposal for a change to the white paper that should help refocus the debate toward testing and away from certification. THE VENT I am continually astonished at the level of animosity toward 'certification' shown by a very small number of contributors to this list. It is also clear that many if not most among that small number are affiliated with one of the testing services. Perhaps in the interest of full disclosure we should ask contributors to these threads to FULLY reveal their affiliations--for whom they work, for whom they consult, and who they truly represent. It has become clear, at least to me, that the animus toward 'certification' merely uses the word 'certification' or 'the only vendor who certifies' as a placeholder for Claredi. That is the cost of leadership and we readily accept that. Claredi, in particular Kepa Zubeldia and Larry Watkins, have taken leadership roles in this industry by contributing literally over half their time every week for the past 10+ years to a variety of healthcare industry service organizations. It is not clear to me how anyone who has been around this industry very long could seriously challenges these two gentlemen's motives, altruism, expert status, or contribution to healthcare/HIPAA EDI. Now that they have formed a company, working within the spirit of the free enterprise system, to deliver a service which they are doubtless qualified to provide they are accused of foisting a 'HIPAA Hoax' on the industry. In the long run these attacks will do much more damage to the attackers than to those they seek to malign, especially those attacks which are deliberate misrepresentations of the truth. Is it possible that some of the noise on this list is intended to confuse the issues in an attempt to gain market share for the 'other' third-party services? Regardless, such direct attacks on Claredi are inappropriate for the WEDI SNIP listservs, and must stop. THE CLARIFICATION All that aside I would like to address a number of glaring misunderstandings. First, while we agree that there is a market desire for certification, Claredi has never, not once, not ever, suggested that certification is required under the law. And we never will, except in the very unlikely event that the regulations change. Second, we do not presume to guarantee that an organization that has achieved our certification will always and forever generate compliant transactions. Of course no one can do that. We simply say that specific transactions submitted to us for analysis have been demonstrated to by compliant. One may easily challenge the value of that, but to suggest that we have ever called certification anything other than that is to create a straw man fallacy-- perhaps in the interest of market obfuscation. So what do we say is the value of that certification? Similar to what everyone wants to ascribe to the term 'validation' we simply say that it will reduce the amount of one-on-one testing you must do to achieve interoperability with your trading partners. Does certification in and of itself provide interoperability? Of course not. And once again, suggestions that this is our claim may well be an intentional effort to confuse the market. We also believe that some of the value of any certification is relative to the extent that the 'certifier' is willing to stand behind it. We have clearly stated what we will stand behind and are therefore comfortable with calling it certification. I would hope that when any vendor uses the term certification or even validation that they would define it clearly and be willing to stand behind it on behalf of their customers. Claredi alone has fully disclosed what our certification means and what it ought to mean. We completely agree that the definition within the white paper is so vague as to be meaningless. However, some competing vendors, who have thus far refused to explicitly state what their own definitions of certification are (and they DO use that term in their marketing) forced the watered-down version in the white paper. Third, Claredi has never stated and never will state that simply testing with Claredi and achieving 'certification' is all that is necessary to guarantee interoperability. Every health care organization has a responsibility to do very extensive testing of all their systems. We encourage all kinds of testing and have no problem with those who wish to bring their years of EDI and QA experience in other industries to enlighten the healthcare community about the very real needs in that area. We do not feel that is incompatible with our model in any way. THE MODEST PROPOSAL In the interest of refocusing this entire debate onto the topic of testing and away from certification, I would propose the following change to the white paper: Because testing and certification are intimately linked, I still think certification should be addressed within the white paper. But it does not have to provide a definition. Let the market work that one out. And it will. It has for almost every other certifying body I know of. In the interest of serving the industry, it is probably inappropriate for WEDI to ignore the topic of certification. However, as long as it is believed that any particular specific definition of certification serves only the vendor who brings that definition forward, the white paper should address the issue in an objective manner. The paper can state the obvious: that HHS has explicitly, in the regulations, stated that it will not be getting into the certification. However, they did recommend that the industry come up with some kind of solution because it would be of value. WEDI could, therefore, in the spirit of objectivity and agreement with the intent of the regulations, state that several solutions have arisen in the marketplace to meet this challenge. I would still argue that it is appropriate for WEDI to state that certification can help HCOs to achieve some reduction in the overall amount of testing they must do to achieve interoperability but that no one should consider that level of testing to be sufficient. Finally, the paper should recommend that anyone who is interested in certification should ask any vendor they are considering for that service to explicitly define what they mean by the term certification. Maybe then we can get back to the namesake of this list and stop wasting bandwidth on the certification sideshow. Testing is where the real issues are and all the vendors can begin to differentiate themselves on the quality of their testing services rather than taking potshots at one another. Hope this helps. Skip McKinstry VP Marketing CLaredi > From: "David Frenkel" <[EMAIL PROTECTED]> > Reply-To: "WEDI SNIP Testing Subworkgroup List" <[EMAIL PROTECTED]> > Date: Thu, 19 Dec 2002 09:18:53 -0800 > To: "WEDI SNIP Testing Subworkgroup List" <[EMAIL PROTECTED]> > Subject: RE: The HIPAA Hoax > > Marcallee, > If you are going to quote statistics it would be helpful if you sited > where these numbers came from. > > Regards, > > David Frenkel > Business Development > GEFEG USA > Global Leader in Ecommerce Tools > www.gefeg.com > 425-260-5030 > > -----Original Message----- > From: Marcallee Jackson [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 19, 2002 7:15 AM > To: WEDI SNIP Testing Subworkgroup List > Subject: RE: The HIPAA Hoax > > If HIPAA certification has been a hoax all along, it may quickly become > one of the most costly healthcare has experienced! Think of this, given > the pricing model of one of our vendors, if the following number of > entities has certified, the approximate fees for doing so would be over > $20,000,000 annually: > > Physicians 10,000 certifiable entities $ 6,000,000 > Hospitals 5,000 certifiable entities $12,000,000 > Vendors 500 certifiable entities 3,000,000 > TOTAL $21,000,000 > > And that would only be scratching the surface of the number of entities > that our paper recommends certify! 21 million dollars (and growing) > worth of waste in a system that is struggling for money is hard to laugh > at. > > -----Original Message----- > From: John Singer [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 19, 2002 6:57 AM > To: WEDI SNIP Testing Subworkgroup List > Subject: The HIPAA Hoax > > Rama, > > I may have to disagree with you a little bit. Until someone can certify > third parties you cannot tell me that their tool is any better than > something developed internally. Some translators have EDI validation > built in and let's say they produce 98% compliant transactions, they > test with a third party who tool is 95% compliant, in effect they have > just lowered the quality of their validation because they changed their > intrepretation to agree with someone else's tool. > > These discussions are almost laughable if they didn't have such serious > consequences to the covered entity. These EDI testing companies > basically gave everyone an easy way out to test compliance without any > guarantee on the backend. Send one file in and get certified, give me a > break. This is most likely caused by the fact that reviewing the bio's > of all the major EDI validation vendors, it is doubtful you will find > software testing or certification as part of their training or > expertise. They are software vendors plain and simple, trying to sell > product with no way to prove their software is any better than anyone > else's. > > We should nominate this discussion thread as HIPAA's biggest hoax. > Roswell, crop circles, bigfoot and now we can add certification to the > list all at the expense of the most vulnerable segment - the covered > entity... shame on you. Best of luck to CMS trying to prove or disprove > compliance given these set of circumstances. > > John Singer > Duluth, MN. > -- > > On Thu, 19 Dec 2002 02:25:22 > John Carter wrote: >> Let me first say that our company will continue to use "Third-Party >> Certification" because it is a very useful TOOL for us. The only better >> possible tool would be an OPEN SOURCE application that can be used for >> testing/certification of transactions by everyone for free. >> >> You are correct when you say certifying a transaction is easy (when all >> you do is tweak your output). In our case, we made a point to create a >> cross section of all types of encounters from every provider on our >> network. We have been using "Third-Party Certification" for over a > year. >> We have "Certified" all of the approved transactions we create. We have >> also beta-tested and/or true-tested with several payers. In every case > I >> can create a file that will pass certification but will not be >> acceptable by the payers system. Two examples are (1) Bugs in the >> certifiers system and (2) Different interpretation of the IG (e.g. >> include '001' revcode or not). In both of these cases the only problem >> was that the "Third-Party Certification" was either wrong or had a >> different interpretation of the guides. Neither of the covered entities >> were wrong. You a correct in saying that what we call "certification" >> today doesn't really mean the interoperability it was proposed to >> foster. >> >> And now my point... >> Third-Party Certification is a useful TOOL. The relatively young IG's >> have too many problems for any certification to guarantee >> interoperability. My concern is that Third-Party Certification is being >> over hyped and the white papers related to it serve the business of >> Third-Party Certification more than the serve the health care industry >> at large. Moving too quickly to require more and more certification is >> great if you are in the certification business. >> >> John Carter >> [EMAIL PROTECTED] >> >> >> >> -----Original Message----- >> From: Marcallee Jackson [mailto:[EMAIL PROTECTED]] >> Sent: Thursday, December 19, 2002 12:50 AM >> To: WEDI SNIP Testing Subworkgroup List >> Cc: 'WEDI SNIP Transactions Workgroup List'; 'WEDI Business Issues >> Subworkgroup List' >> Subject: NCQA Certifies Compliance SNIP Comes Up Short >> >> >> I think that the NCQA program for certification shows how much work we >> have in store for us here at WEDI-SNIP. To date, our testing and >> certification white paper focuses on a process that "certifies" TCS >> compliance based on a single isolated event. I maybe wrong, but I > don't >> think this is correct. The successful test of a single transaction > set >> could very well be meaningless in the big picture. >> >> For example, clearinghouses have been certifying transactions for > months >> now based on our recommendation to the industry that they do so. To > not >> certify with Claredi today would be near suicide for a clearinghouse. >> But has their certification moved the industry further toward >> compliance? Is it much more than costly PR fluff? When a > clearinghouse >> announces to its clients it has achieved certification, it does so in >> order to show compliance and put their client's minds at ease but > should >> it? >> >> A clearinghouse that is able to exchange standard transactions is not >> necessarily anywhere near compliance and neither are many/most of its >> customers! For a clearinghouse, testing and certifying a standard >> transaction is easy. It's getting the standard transaction or >> non-standard equivalent for translation from their client that's the >> hard part. If a clearinghouse hasn't validated they're ability to >> translate non-standard to standard for a wide range of provider types, >> they should not be "certified" as HIPAA compliant. But how often are >> covered entities told they should ask their clearinghouse if they are >> "certified"? How often are they told what that certification will >> really mean to them? >> >> A similar situation exists with vendors. Sure the vendor can test and >> show that at one point he was able to submit a file that passed a set > of >> edits but does that mean his users will achieve compliance? No. Even >> if the software is tested and proven to have the capability of handling >> standards, without the required data elements for a claim, a compliant >> 837 is not possible. System remediation is only a part of the >> compliance effort. Operational remediation is also a must. In > addition, >> few systems being certified are capable of rejecting transactions or >> transaction sets that are not fully compliant. If the system cannot >> differentiate between a non-compliant inbound transaction and reject > it, >> and it accepts and processes non-compliant transactions, is it a HIPAA >> compliant system? >> >> So it's clear our paper doesn't suggest real certified compliance for >> these entities or their clients and we haven't even begun to look at > the >> compliance of the certifier. Who are these people to be certifying in >> the first place? What are their qualifications? What methodologies do >> they follow and who decided that theirs was the one that was right? If >> a provider tested and certified with one entity and later was found to >> be non-compliant, does that mean that all the entities certifying with >> that certifier now have questionable certification? >> >> When you look at the level of detail that goes into the NCQA >> certification process and really think through what is needed for TCS >> compliance, not just in terms of HIPAA compliance but in terms of >> compliance with other business requirements too (requirements that > would >> ensure interoperability for example), it is easy to see that we come up >> very short and have perhaps, unintentionally mislead the industry into >> believing that they got something from TCS certification that they did >> not, certification of HIPAA compliance. >> >> I think we need to stop and ask ourselves, does SNIP really have the >> time, resources and expertise to develop a proper HIPAA Transactions > and >> Code Sets Compliance Certification Program? Can we do it in the >> timeframe in which it needs to be done? Or is our goal really > something >> less than certification? Is it really validation? Webster's defines >> certification as 1. to attest as certain 2. to guarantee; endorse - but >> the one entity who has published its process of certification offers no >> guarantee and no warranty. Validate is defined as to make valid; >> substantiate. Substantiate is defined as to establish by proof or >> competent evidence. It seems pretty clear that our recommended > process >> for testing can only result in validation of testing compliance not >> certification of HIPAA TCS and Code Set compliance. >> >> I am new to the testing list. Maybe this whole issue was put to bed a >> long time ago. If it has, I apologize to the group but ask that we run >> through it one more time for the benefit of the newcomers. Why are we >> stuck on "certification"? What's wrong with "validation"? Seems to > me >> one of our vendors has already described for our list an excellent >> process for validation but the issue seems to be they call their > process >> certification. A rose by another name doesn't stink. Does validation >> bring less value to the industry? No, because validation brings the >> savings we have been talking about, shorter testing. Does > certification >> bring greater value to the industry, quite likely it does but I would >> submit that certification, as it is actually defined and as a >> methodology, has not been our real focus here to-date. >> >> I know there are people who have a great many years of experience in >> testing and certification looking at our process now and finding it >> lacking. I think these folks may have a pretty good case. I have seen >> a white paper derailed when one of our groups could not form consensus >> and a well articulated and perhaps valid argument was presented by a >> group similar to the one that is forming against our interpretation of >> certification. Can we afford to have our paper on testing derailed >> because of one word? Especially when it seems we have to bend the >> meaning of that word in order to make it fit? >> >> I encourage the group to ask themselves, are we listening? Are we open >> to contrary opinions and interpretations on this issue? How are we >> addressing them? Are we using some formal method to do so? I think we >> need to be careful to cross our t's and dot our i's because when an >> industry who thinks they paid for certification ends up only with >> validation, we could be the ones to blame. >> >> Marcallee Jackson >> Long Beach, CA >> 562-438-6613 >> >> P.S. Because this issue is so critical and for the benefit of other >> members, I have copied the Transaction and Business Issues lists. If >> you receive duplicate messages, please excuse the inconvenience. >> >> >> >> >> -----Original Message----- >> From: Miriam Paramore [mailto:[EMAIL PROTECTED]] >> Sent: Wednesday, December 18, 2002 3:48 PM >> To: WEDI SNIP Testing Subworkgroup List >> Subject: FW: Public Comment: NCQA Releases Draft Standards for Privacy >> Certification Program For Business Associates >> >> In a recent post during the discussion of certification, I mentioned >> this >> program that NCQA is doing. Notice they use the word "certification". >> Even >> though this is for Privacy, it shows that groups like WEDI are trying > to >> set >> the bar. >> >> Best Regards, >> >> Miriam J. Paramore >> President & CEO >> PCI: e-commerce for healthcare >> 9001 Shelbyville Road >> iTRC Building >> Louisville, KY 40222 >> 502-429-8555 >> www.hipaasurvival.com >> >> >> >> --- >> The WEDI SNIP listserv to which you are subscribed is not moderated. > The >> discussions on this listserv therefore represent the views of the >> individual participants, and do not necessarily represent the views of >> the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an >> official opinion, post your question to the WEDI SNIP Issues Database > at >> http://snip.wedi.org/tracking/. These listservs should not be used > for >> commercial marketing purposes or discussion of specific vendor products >> and services. They also are not intended to be used as a forum for >> personal disagreements or unprofessional communication at any time. >> >> You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] >> To unsubscribe from this list, go to the Subscribe/Unsubscribe form at >> http://subscribe.wedi.org or send a blank email to >> [EMAIL PROTECTED] >> If you need to unsubscribe but your current email address is not the >> same as the address subscribed to the list, please use the >> Subscribe/Unsubscribe form at http://subscribe.wedi.org >> >> >> >> --- >> The WEDI SNIP listserv to which you are subscribed is not moderated. > The discussions on this listserv therefore represent the views of the > individual participants, and do not necessarily represent the views of > the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an > official opinion, post your question to the WEDI SNIP Issues Database at > http://snip.wedi.org/tracking/. These listservs should not be used for > commercial marketing purposes or discussion of specific vendor products > and services. They also are not intended to be used as a forum for > personal disagreements or unprofessional communication at any time. >> >> You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] >> To unsubscribe from this list, go to the Subscribe/Unsubscribe form at > http://subscribe.wedi.org or send a blank email to > [EMAIL PROTECTED] >> If you need to unsubscribe but your current email address is not the > same as the address subscribed to the list, please use the > Subscribe/Unsubscribe form at http://subscribe.wedi.org >> > > > _____________________________________________________________ > Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. > http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The > discussions on this listserv therefore represent the views of the > individual participants, and do not necessarily represent the views of > the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an > official opinion, post your question to the WEDI SNIP Issues Database at > http://snip.wedi.org/tracking/. These listservs should not be used for > commercial marketing purposes or discussion of specific vendor products > and services. They also are not intended to be used as a forum for > personal disagreements or unprofessional communication at any time. > > You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at > http://subscribe.wedi.org or send a blank email to > [EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the > same as the address subscribed to the list, please use the > Subscribe/Unsubscribe form at http://subscribe.wedi.org > > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The > discussions on this listserv therefore represent the views of the > individual participants, and do not necessarily represent the views of > the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an > official opinion, post your question to the WEDI SNIP Issues Database at > http://snip.wedi.org/tracking/. These listservs should not be used for > commercial marketing purposes or discussion of specific vendor products > and services. They also are not intended to be used as a forum for > personal disagreements or unprofessional communication at any time. > > You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at > http://subscribe.wedi.org or send a blank email to > [EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the > same as the address subscribed to the list, please use the > Subscribe/Unsubscribe form at http://subscribe.wedi.org > > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The > discussions on this listserv therefore represent the views of the individual > participants, and do not necessarily represent the views of the WEDI Board of > Directors nor WEDI SNIP. If you wish to receive an official opinion, post your > question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. > These listservs should not be used for commercial marketing purposes or > discussion of specific vendor products and services. They also are not > intended to be used as a forum for personal disagreements or unprofessional > communication at any time. > > You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at > http://subscribe.wedi.org or send a blank email to > [EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the same as > the address subscribed to the list, please use the Subscribe/Unsubscribe form > at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-testing as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-testing as: [email protected] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
