A new spreadsheet for the design of the Healthcare CPP (Electronic
Partner Profile) - "Elements of the Healthcare Collaboration-Protocol
Profile (CPP)" - along with an updated graphic model ("CPP model
diagram"), are available at http://www.novannet.com/wedi/. See
"Documents available for download" by scrolling past all the verbiage.
You may have to use the Internet Explorer "Expand to Regular Size"
button in order to read the graphic model, for otherwise the JPEG will
be fitted to the window making the text hard to make out.
Chris Feahr, our CPP spreadsheet editor, has not yet changed the "data
elements" page to correspond to the new graphic model. But he has added
more "worksheet" tabs: one is entitled "Requirements," which will be
well received by certain members of our team. Chris hopes the new
spreadsheet stuff will help you make sense of the model diagram.
Chris includes an interesting question in his "Issues" section of the
spreadsheet: "How much financial-routing information should be in a
public registry? Is it safe to publicly specify 'how to put money in my
bank account'?" I can certainly see how folks (providers) would be
queasy about letting just anyone on the web viewing the public
Healthcare CPP directory know where they bank, let alone what their
account number is.
But consider that everyone to whom I've ever written a check over the
last twenty years now has my bank's ABA routing code and my DDA number.
Though it would be puzzling if anyone deposited a large sum of money in
my account, it might not be cause of complaint: I do have anonymous
fans, after all. So I could be blessed like that Central Ohio couple
who were handed a quarter million; see "Bank error gives couple 250,000
reasons to praise God," in the Columbus Dispatch (December 15, 2001) at
http://www.dispatch.com/news/news01/dec01/987877.html. Praise the Lord.
It probably stands to reason that this identification information (it is
not authentication information, like secret PINs) is perfectly safe to
share with the world - which, indeed, a lot of companies do in order to
facilitate payment. The more pressing security problem to solve is how
to prevent an imposter from creating a CPP posing as a well known
provider, where the financial information points to the scofflaw's bank
account fooling payers into paying the wrong person. Some "liaisoning"
with X12F Finance and NACHA might be in order here.
Keep in mind that Kepa's directory has a lot of the demographic and
transaction fields that we will want in the Healthcare CPP; see
http://www.claredi.com/ and select "directory." A successful CPP design
will subsume all of Claredi's directory information.
William J. Kammerer
Novannet, LLC.
Columbus, US-OH 43221-3859
+1 (614) 487-0320
