I can see software vendors wanting to say that they're "HIPAA certified." That's a great selling point - even if "certification" is not mandated by law. You as the doctor/practitioner want to have some assurance that your software vendor can generate compliant transactions (either onsite within your licensed software or at the vendor's site). That little holographic label (the one saying "HIPAA certified for ODs!") on your software box would give you, presuming you're an OD, some peace of mind that you're not dealing with some fly-by-night software vendor who could be responsible for holding up your claim payments.
But when push comes to shove, I believe the payer has to take your purported standard transactions (whether you write the software yourself or use an off the shelf package) - no ifs, ands or buts. And if they're not compliant standard transactions for some reason, I have to believe the payer will have to return you something (an 824 or an e-mail) promptly which clearly indicates at least where the first problem was found. So even if you didn't subscribe to a testing and certification service, you could still manage to have the payer do your debugging for you - as long as you wanted to wait for your payment! Of course, this is an issue for the WEDi/SNIP Testing Group and is none of our business. "...if the doctors can get their own interchanges to the payors," then it stands to reason the payers should have to return the responses through some standard channel other than a "mail drop-box on the payors server." Why shouldn't the payer have to use the same means of "discovering" where the provider is - say, Kepa's DNS "directory"? If the provider has said he takes e-mail'ed standard transactions as S/MIME attachments encrypted using this here certificate, that seems like a fairly standard and cost-efficient means of returning acknowledgements and responses. Forcing each provider to go through hoops polling an untold number of payers' web sites to access a "drop-box" seems like "an impediment to frictionless e-commerce and an extra cost providers can do without." Where have I heard that before? Power to the "little" people! Just call me the Huey "Kingfish" Long of EDI. William J. Kammerer Novannet, LLC. +1 (614) 487-0320 ----- Original Message ----- From: "Christopher J. Feahr, OD" <[EMAIL PROTECTED]> To: "William J. Kammerer" <[EMAIL PROTECTED]>; "WEDi/SNIP ID & Routing" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; "Scott Bussinger" <[EMAIL PROTECTED]> Sent: Sunday, 10 February, 2002 02:45 PM Subject: Re: Small Provider Software Vendors: Clearinghouse or mere business assoicate? I don't think there is any doubt that the vendor would make himself a covered entity/CH if he was constructing the transactions and building the interchanges for his doctor-clients. But I don't really see this as any more onerous for the vendor... "In for a penny, in for a pound". If the vendor isn't building error-free interchanges based on the information streaming in from his doctors, then his doctors are still going to expect him to have written the software to accomplish this effectively "by remote control". If the doctors and staff members are the ones actually pushing the buttons and creating the messages, then are we going to be able to certify "Acme OD Manager" software as "tested and certified HIPAA compliant"... or will we have to certify each office using the software? I don't know why a software vendor would not want to offer a centrally managed [true CH] model to his doctor-customers. But to be fair and inkeeping with the letter of HIPAA, he needs to also provide a theoretical point-to point path for the doctor to the payor (and possibly back again). Even if the doctors can get their own interchanges to the payors, the return paths will not be easy for payors to figure out... leaving them little other choice than the "mail drop-box on the payors server" option described by Peter as essentially unfair for the provider. When the process matures to the present level of email routing, we *may* see providers (and payors) unplugging from these CH-agents and going direct. But then "direct" is only an illusion and at the end of the day, I really think doctors would rather not worry about this crap... and get a monthly bill! (But then you do have nutty doctors doing their own electrical wiring... I'm one of them!) Regards, Chris
