Wes, I wouldn't at all be surprised to learn that the actual situation of how CMS really handles communications is much different than its public policy statements ... and along the lines you outline below.
Unfortunately, I don't see anything in the HIPAA final or proposed regs that requires the use of the Internet or any other transport method....only that if the Internet is used, encryption is required. So....I guest that the bottom line is that CMS can choose to go a different direction and not use the Internet, even though it has an Internet policy that would seem to allow it??? Strange world we live in...but this is our government in action. Rachel -----Original Message----- From: Rishel,Wes [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 3:04 PM To: 'WEDi/SNIP ID & Routing' Subject: RE: Medicare says 'no' to using the open internet Rachel, you probably know more about this than I, but here is what I have heard: a) the policy exists you cite exist, but b) program directives from CMS tell Medicare contractors to follow a different approach ... c) contractors except transactions over a CMS-built private IP-network that providers connect to by dialing into a modem bank which uses PPP. Going beyond what I have heard into speculation: Thus providers get to (maybe are required to) use IP-based protocols, but various security concerns are alleviated because the CMS IP network is not actually interconnected with the Internet. Among the requirements that would be removed would be the HIPAA requirement for encryption. (Hopefully, this note will be close or will stimulate someone telling us what the real situation is.) -----Original Message----- From: Rachel Foerster [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 12:34 PM To: 'WEDi/SNIP ID & Routing' Subject: RE: Medicare says 'no' to using the open internet Wes, et al, I would agree that the need to be able to specify a variety of transport methods and protocols goes beyond just what CMS requires....but it's incorrect to presume that CMS prohibits the use of the Internet. See my other post with CMS' current Internet policies. Rachel -----Original Message----- From: Rishel,Wes [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 2:18 PM To: WEDi/SNIP ID & Routing Subject: RE: Medicare says 'no' to using the open internet Since many payers will follow the CMS lead, the need is broader than only for Medicare. -----Original Message----- From: William J. Kammerer [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 11:39 AM To: WEDi/SNIP ID & Routing Subject: Medicare says 'no' to using the open internet I came across Christine Stahlecker's presentation entitled "Telecommunication and HIPAA: Issues, Concerns, Recommendations," given at the HIPAA SUMMIT WEST II on March 13 in San Francisco, at http://www.ehcca.com/presentations/HIPAAWest2/stahlecker.ppt. In there, she gives some "buzz" to our modest little work effort. Clearly, Chris shares our vision of Open-EDI and frictionless trading using the Internet, while still accommodating the important role of Clearinghouses in supporting providers and payers. Unfortunately, from what I can gather from one of Chris' bullets, a fly in the ointment is Medicare's (CMS) refusal to entertain use of the Internet for the exchange of standard EDI transactions because of real or perceived security concerns. Unless and until CMS changes its mind and authorizes the use of the Internet to exchange HIPAA transactions with Medicare contractors, we might have to provide some capability in our Delivery Channel ("EDI Address") to accommodate dial-up or leased line protocols - regardless of what I said in "Should we even waste time defining Delivery Channels (EDI Addresses) to accommodate non-IP protocols?" last Tuesday. Does anyone have any inside insight on CMS' resistance to using the Internet for the exchange of standard transactions? William J. Kammerer Novannet, LLC. +1 (614) 487-0320
