David Frenkel asked:
>
> Are you saying the DOD is suing X12 in reference to HIPAA IG's?
No, the DoD is being sued by one of their certified VANs because the Federal
EDI Implementation Guide Part XII make a specification that is at variance
with the X12 syntax documents. DoD have asked X12 for a formal interpretation
of that particular prt of the standards. It is certainly true that a strict
interpretation of the case goes against DoD, in that the X12 documents do not
normally allow an entirely space-filled element - there must be at least one
non-space character which may be padded with spaces to fill a minimum length.
However, sadly during the historical development process, X12 failed to cover
this consistently in the BNF notation and the accompanying words, so that it
is possible from a legal point of view to say that the situation is not fully
unambiguous.
That strict interpretation would render almost every X12 transaction passed
today non-compliant, since it is common industry practice to convey the
value '00' in ISA01 and ISA03, with ISA02 and ISA04 being completely padded
with spaces. By the strict interpretation, the code value '00' means that
the qualified security or authority value is to be ignored, but that the
qualified field may not be blank. So the VAN's actions in rejecting any
transaction which has a blank field is technically correct, and the Federal
Guideline is technically incorrect - and hence the lawsuit.
It is also worth pointing out that any IC which violates the X12 standard
itself, never mind the Compliance document, is non-compliant. So, for example,
if two trading partners agree to exchange an 8-character date in their ISA
segment they are quite welcome to do so, but that is unequivocally not
compliant with the X12 standard which does not have any user-customisable
fields in the ISA segment.
> HIPAA is a federal mandate (law) regardless if the X12 guidelines have any
> legal merit.
You raise an interesting point, which is probably the only reason why it
is worth continuing this particular thread. HIPAA may find itself in a
similar situation to the DoD if it doesn't exactly comply with all the
X12 documents. The Federal Gov't is not like an ordinary trading partner,
able to come to whatever agreement it wants to with its trading partners -
it is bound by its own laws (extended to guidelines and rules, for example
FIPS 161) to fully comply with the available/suitable standards. Certainly
it has waiver rights as well, but these must be declared and formally exercised
and usually only for a certain period of time. The waivers are also open
to challenge in the courts.
If HIPAA have claimed X12 compliance, and then actually failed to comply
with an X12 document they lay themselves open to delays, misunderstandings
and ultimately litigation from some of its trading partners. Those who
are skating on the boundary of compliance themselves will take advantage
of the Gov't's shortcomings to cover their own positions and win time to
put their own house in order while attempting to make political and financial
capital out of the Gov't.
In an important new area of standardisation such as the HIPAA regulations,
it is especially important to make sure that every 'T' is crossed and every
'I' dotted so that the uptake of the rules can proceed with the minimum of
cost and delay - and that all the participants can know exactly where they
stand and what is required without any grounds for ambiguity. As the
situation currently stands, the HIPAA guidelines do not comply with the
"Compliance in X12" Technical Report - at what level is immaterial to the
principles involved, as the DoD case shows - and so those making and setting
the rules have laid themselves open to the possibility of costly delays and
litigation.
Jonathan
------------------------------------------------------------------------------
Jonathan Allen | [EMAIL PROTECTED] | Voice: 01404-823670
Barum Computer Consultants | | Fax: 01404-823671
------------------------------------------------------------------------------
=======================================================================
To contact the list owner: mailto:[EMAIL PROTECTED]
Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
