Bob:
Maybe we're not "at a crossroads" if it's just a matter of having
different definitions of things. Maybe that's why Rachel keeps on
insisting we come to terms with, ...well, "terms."
Take "proprietary" vs "non-proprietary." As in ID schemes (or domains).
There's no allowance for the use of proprietary ISA sender and receiver
IDs in the ISA - unless you mean the "ZZ" (mutually defined). Rachel
gave us yesterday the list of valid sender and receiver qualifiers
(domains) that may appear in a HIPAA compliant ISA:
01 Duns (Dun & Bradstreet)
14 Duns Plus Suffix
20 Health Industry Number (HIN)
27 Carrier Identification Number as assigned by Health Care Financing
Administration (HCFA)
28 Fiscal Intermediary Identification Number as assigned by Health
Care Financing Administration (HCFA)
29 Medicare Provider and Supplier Identification Number as assigned
by Health Care Financing Administration (HCFA)
30 U.S. Federal Tax Identification Number
33 National Association of Insurance Commissioners Company Code
(NAIC)
ZZ Mutually Defined
All but the last, ZZ, are non-proprietary schemes, in that they have a
well understood meaning and a single Registration Authority (RA).
D-U-N-S 072930527 is unambiguously Novannet, LLC. Likewise, NAIC 54771
means Highmark. I'm sure someone could come up with their HIN if
they're with a hospital or are a practitioner. Okay, maybe something
like the DUNS+4 is semi-proprietary - in that the convention dictates
the entity identified by the D-U-N-S in the first 9 digits assigns the
last 4 digits. The HIN probably works the same way as DUNS+4. But I
really don't see any wiggle room in most of these enumeration systems
for any but the RA (e.g., HIBCC in the case of the HIN, Dun & Bradstreet
in the case of the D-U-N-S) to assign values - putting aside the
possibility the "owner" can augment the values (e.g., DUNS+4 or the
HIN).
The only qualifier left is the "ZZ" (mutually defined) which could be
construed as (fully) proprietary, and left to the whims of a payer or
intermediary to assign for the provider to use. The HIPAA IG admittedly
says you can use "ZZ", and its use is therefore perfectly HIPAA
compliant.
But a proprietary ID numbering system is not standard (your "ZZ" value X
is way different from another Clearinghouse's or Payer's "ZZ" value
X). I'm at a loss to figure out how this group can build any
recommendations for Trading Partner Identification based on its use.
"ZZ" means whatever the beholder (the payer or the CH) says it means,
and hence it is difficult to use as an interoperable standard for
Identification.
William J. Kammerer
Novannet, LLC.
+1 (614) 487-0320
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "WEDi/SNIP ID & Routing" <[EMAIL PROTECTED]>
Sent: Wednesday, 23 January, 2002 02:31 PM
Subject: Re: Whose name is it, anyway?
William,
Well, we are definitely at a crossroads.
I strongly disagree with your assertion that use of ZZ and proprietary
IDs could be construed as adversley impacting and therefore
non-compliant.
I understand fully your intent and where you are going.
I disagree strongly with that direction and your insistance on
separating the security aspects from the ISA issues. To me, that is
doing the industry a disservice. You are moving to 'solve' a problem by
ignoring another part of it. The supply side of health care is running
quite differently than the 'insurance' side. VANs, drop boxes etc are a
strong part of the supply side. Not of the insurance side. The
insurance side is predominantly point to point. You may want to change
things, but that takes a lot of time, and to do that you must address
the full picture. And the security issues are an inherent part of that
picture.
Routing is NOT an issue today. We receive millions of claims per month
from providers, billing services and clearinghouses. At last check, we
have been receiving over 600,000 claims per month in X12 format. So do
lots of others. The routing is there. Under HIPAA, it will still be
there, and will be handled point to point.
If you want to work on standardization of the ISA, I suggest that the
ISSUE behind standardization is not routing, it is minimizing the number
of IDs that must be maintained by the trading partners. And that issue
can not be resolved without including the security issue.
If you were to be highly successful and got the entire industry to move
to a specific ID type for the ISA for each type of trading partner, you
would STILL have a proliferation of IDs and passwords that were trading
partner specific for access control and security.
Someday, we may have good certificate solutions and encryption and
Internet transport that will point to a total solution. Then a DNS or
common directory will make security, routing and identification
childsplay. People will wonder why this was such a probelm. It's just
not here yet.
In my opinion, the best bet is trying to move toward that future.
But, as I said, we are obviously on different poles when it comes to
defining the problem to be solved.
Good luck.
Bob
