Kepa: 1. I am not a vendor neither in an individual capacity nor belong to any vendor org. So, I HAVE NO AGENDA!
2. Until lot of vendors and some people NOT belonging to any vendor, jumped in, and defined it as third party assessment, one vendor, you know who ;-), was pushing Certification through the white paper, going to the extreme of saying since there is no entity to certify the certifier, all the industry must go through this one vendor, you know who ;-), for certification. Many people are irked by this brazen push and advertisement using the WEDI SNIP. That's past now, as the white paper clearly defines Certification as Third Party Assessment(TPA), and NOT somthing thing to hang on the wall (this something to hang on the wall was both the popular perception and popular expectation). It should be fairly easy to replace the word Certification with TPA in the white paper. Proposal for vendor consortium is the natural consequence of not having any mechanism or entity to certify the certifier, but 'certification' as a word, is irrelevant with its new definition. So why not call it what it is, third party assessment (TPA)... 3. Like I said before, the three phase testing model of (i) internal testing, (ii) Third Party Assessment (formerly Certification), and lastly (iii) B2B - TPA testing, in that order, which the white paper recommemnds, due to one vendor's push;-), is still flawed IMHO. I say this because, people can and probably should use Third Party Tools/Services in phase (i), internal testing, itself. Many don't have a clue on how to get started with testing. They'll never get to the certificaton phase (ii). Some third party tools do offer automatic test case generation, which can and should be used for the internal testing. So a covered entity, payor or provider, using a translator or other software with HIPAA compliance checker and a third party tool/service for testing in phase (i) will not have to go through a phase called certification (ii), as recommended by the updated and previous versions of the white paper, before they do their B2B TP testing. They still will have to do some beta testing with some TPs before testing with more TPs and finally have what I call a good suite of smoke tests to test with all TPs to make sure they can do business together. An analogy for this last step is like sending a test email from a new account or between few new accounts. This is what many call different approaches to testing than what is recommended by the white paper. 4. I can see why a lot of vendors are irked and probably irritated by the word certification as it was being pushed through the white paper by one vendor, especially when certification is not mandated, and after it is defined as third party assessment. A certain approach being recommended through a WEDI-SNIP white paper when it is flawed in the light of the new and correct definition of ccertification as third party assessment is also irksome to these vendors. 5. Vendor consortiums have worked before and will work now. To summarise... A covered entity will definitely benefit a lot by using a third party tool or service for testing and this is NOT certification, as the word is used in general or it's popular perception, in different walks of life, but don't have to go through the 3 phases as suggested in the white paper but there are more phases actually and ... lastly vendor consortium is the only way to have a bunch of test cases pass compliance with most vendor tools. Regards, Rama. -- ---- Kepa Zubeldia <[EMAIL PROTECTED]> wrote: > Rama, > > Let me make some observations.... > > The white paper describes testing in much more detail than certification. > It > describes what kinds of tests should be done in a detail that was never > > before described in this industry. The description of certification > as a > third party assessment is as far as the white paper goes. So, the > emphasis > of the WHITE PAPER is on testing, not on certification. > > Given the number of trading partners that have to be compliant with > HIPAA, if > each pair of trading partners is going to test with each trading partner, > we > will never be able to finish the testing task. As an analogy, if every > time > I go to a different gas station to fill up my tank I need to have the > gas > pump tested for accuracy, pumping gasoline will become a lot more expensive. > > The white paper points at the tremendous economies that the industry > will > achieve by reducing the amount of one-on-one testing. Instead of testing > > one-on-one among each pair of trading partners for all aspects of HIPAA > > compliance, you can test for all the non-trading-partner-specific aspects > > thoroughly once, and then only test for trading partner specific aspects > when > you engage each trading partner. This reduces the amount of testing > that > needs to be repeated and minimizes waste. > > Of course the reduction of the amount of testing for the entire industry > also > means that the market size for those of us that are in the testing > business > gets reduced. But the entire industry benefits from it. > > Certification of compliance of the HIPAA transactions is not an easy > process. > You not only need to have both the EDI expertise and the healthcare > > expertise, but you need to be able to produce a "provable" result and > stand > behind it. This involves a very high liability. > > Any progress in the right direction is progress. The fact is that > the > testimonials are starting to surface. Entities that have gone through > > thorough testing and a third party evaluation find that they can implement > > their trading partners much more efficiently. Payers are seeing a > > difference. The providers that come already certified can be brought > into > production MUCH quicker than the non certified. It only makes sense. > They > have done their homework. > > There is no incompatibility between testing and certification. One > does not > replace the other. Even if you are certified, you are going to have > to do > some testing with your trading partner. However the expense, effort, > and time > of the trading partner testing is greatly reduced. > > I don't understand why the reluctance to do a third party assessment > of your > transactions, especially if the price is right and you have a choice > of > third party assessors. Interestingly enough the objections that I > hear are > not coming from providers or payers, but from vendors, even vendors > of > testing products or services. Who are they speaking for? Somebody > is trying > to convince the industry that NOT obtaining third party certification > is > better than obtaining it. Does this make sense? > > Let the flames begin. > > Kepa > > > On Thursday 05 September 2002 09:09 am, Ramakrishna Pidaparti wrote: > > Hi All: > > > > I think the WEDI-SNIP white paper on testing and certification does > a > > good job on defining the "Types" (used to be "Levels") of tests from > > a HIPAA domain point of view. > > > > The push and shove for certification is not something many like at > this > > stage and rightly so. The focus should be on testing and not on > > certification > > but the emphasis is on certification in this whte paper. > > > > The model recommended in that white paper is, do your internal testing, > > go for certification (which is now defined to be third party assessment) > > before you do any B2B trading partner testing... to paraphrase. > > > > This is flawed in the sense an organisation using a translator with > a > > HIPAA compliance checker may still use a third party tools/service > during > > their internal testing phase to build an automated test suite for > example. > > Once they are confident, they can do some beta testig with some > TPs > > and then with more TPs when the interoperability confidence is even > higher. > > There is no need or room for certification here. > > > > The other important things missing from the white paper are, the > traditional > > Software Testing aspects of unit, system, integration, beta, acceptance, > > stress, load, performance and autoated testing that deserve a mention > > more than certification. > > > > Hopefully these are covered in the next verrion, with mroe emphasis > on > > testing and less on certification. > > > > Regards, > > > > Rama. > > -- > > > > ---- Sunny Singh <[EMAIL PROTECTED]> wrote: > > > Miriam, > > > > > > The issue we need to think about is not "certification against > something" > > > but rather than "testing against something". Testing conceptually > > > can be > > > implemented in a "nice to have", "imposes a good discipline for > partners > > > to > > > do some homework of their own" types of concept - not Certification. > > > I agree > > > something is better than nothing and the concept of testing is > a > > > work-in-progress > > > > > > I would very much like to hear some arguments for the cause of > why > > > is a > > > white paper suggesting certification when it is not definitive > and > > > at the > > > same time is unclear in its very concept and additionally gives > no > > > clue to > > > the user how close do they get to the real thing. The perception > is > > > also > > > that Certification gets them quite a ways - again a wrong perception. > > > > > > Thanks > > > Sunny > > > www.HIPAADesk.com - "Test your HIPAA Data Files in Real-Time" > > > www.edifecs.com > > > > > > -----Original Message----- > > > From: Miriam Paramore [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, September 04, 2002 7:41 PM > > > To: Sunny Singh; [EMAIL PROTECTED]; [EMAIL PROTECTED]; > > > [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; > > > [EMAIL PROTECTED] > > > Subject: RE: Certifications > > > > > > > > > My 2 cents on this topic. The undeniable reality is that every > single > > > trading partner in healthcare today accepts the "good enough" testing > > > method. There are no exhaustive test plans on either side. Until > now, > > > via > > > third parties, there has been no attempt at certification against > a > > > standard. We are making progress and it should be encouraged. > Perfection > > > is > > > a goal. > > > > > > To be removed from this listserv, please email [EMAIL PROTECTED] > > > <P>The WEDI SNIP listserv to which you are subscribed is not moderated. > > > The > > > discussions on this listserv therefore represent the views of the > > individual > > > participants, and do not necessarily represent the views of the > WEDI > > > Board of > > > Directors nor WEDI SNIP. If you wish to receive an official opinion, > > > post > > > your question to the WEDI SNIP Issues Database at > > > http://snip.wedi.org/tracking/. > > > Posting of advertisements or other commercial use of this listserv > > > is > > > specifically prohibited. > > > > > > > > > > > > -- > This email contains confidential information intended only for the > named > addressee(s). Any use, distribution, copying or disclosure by any other > > person is strictly prohibited. > > > To be removed from this listserv, please email [EMAIL PROTECTED] <P>The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
