1. Kepa is right - Edifecs offers Certification through HIPAA-Desk and other products. Edifecs defines Certification as a set of business rules established by a company/hub for exchange data (HIPAA or other) with its trading partners. A company can define its own criteria for data exchange. That is the decision and perogative of each individual hub company wanting to ramp up its trading community. Edifecs supports that concept of Certification. In such instances the rules are well-defined, definitive and comprehensive. So that concept works and has worked well in over the years.
I think Kepa might be confusing the issue with "industry-centric" Certification. Edifecs does not subscribe to that concept and no one to date has been able to explain this on this listserver or the white paper. 2. Firstly, I on behalf of myself and Edifecs want to strongly implore everyone not to take pop-shots at individuals and companies. It is a great that we have a forum for discussion and sharing and voicing opinions. Lets leverage the forum without compromising the very sanctity of freedom of idea exchange/discussion it provides and presents to all of us. We should however stick to the concepts being discussed and articulate the pros & cons of such concepts, its implications and ramifications. 3. A comment was made that the white paper has been approved. That is great. No one, I think, is taking away from the hard work that has gone into the white paper. We all applaud it and the participation into evolving the paper has only increased over time. This current discusion of "Testing vs Certification" will allow us to clear up the concepts discussed and promoted in the white paper and get further clarity for the next revision of the paper. Think of this discussion as ideas for v4.0. 4. And Folks I think this concept and topic can be put to rest if we can do 1 thing. Can someone come forward and tell us all the following - The white paper promotes and recommends Certification - but what is the criteria and rules of Certification. I would request anyone and I mean anyone to please educate us all and lay down the rules and criteria of Certification. And if we cannot then take it out. We recommend Testing in the white paper and we have done a good job in explaining exactly what is means. So I ask all of you - why can't you do the same for Certification. Why is one concept (Testing) so well defined yet another (Certification) only leading to confusion and on-going discussions. Thanks Sunny Edifecs www.HIPAADesk.com - Free Online HIPAA Testing Service -----Original Message----- From: Kepa Zubeldia [mailto:[EMAIL PROTECTED]] Sent: Monday, September 16, 2002 6:59 AM To: Sunny Singh; '[EMAIL PROTECTED]' Subject: Re: Testing or Certification Sunny, Interesting comments from one of the companies that offer "Certification" >From your own home page: "HIPAA-Desk is a comprehensive Transaction Compliance Testing & Certification service." "Data Testing, Validation & Certification. The world's leading validation technology for Testing & Certification." Maybe you ought to start walking your talk... Kepa On Saturday 14 September 2002 10:42 pm, Sunny Singh wrote: > The intent of this email is to make a case for just calling it > "Testing" rather than "Certification". If the reader is not > interested in this concept/ ideas please ignore this email. > > 1. Remove the word Certification from the white paper: I would suggest > that we remove the word "Certification" from the white paper and call > it Third Party Testing. The white paper does explain testing > criteria, types etc while does nothing to explain the rules or > criteria of Certification. We are all aggreeing to the fact that > Certification is not definitive, it is not comprehensive, it is a nice > to have, it is a good discipline for the providers to go through etc > etc. Well the way i look at it - that is testing. Certification by > its very interpretation and definition is definitive and tangible. > > If we say a submitter is certified - what does that mean. Does it > mean the submitter can now send good/clean data files, or the > submitter will usually send clean transaction or always send clean > transactions ..... The way it is being positioned in the white paper > is that the submitter has passed some successful data files for > transactional compliance against the IG - well folks that is Testing. > If they do it with a desktop tool or through a third party service it > is the same - it is "Testing". The submitter will say i "Tested" > using such tool or service. It means the submitter has done their due diligence in testing their files to some degree. > > So lets change the white paper to say "Testing & Transactional > Compliance". Remove all references and recommendations to > Certification and make them all refer it as Testing. That also is in > line with Third Party Assessment. Third parties just like the VANs in > the EDI world do Testing not Certification. The healthcare service > providers whether they are a provider of Testing services or > Clearinghouses can all then provide Testing services. Now it makes > sense, no one will misunderstand anything, everyone will know this is > a nice to do but does not give anyone the "right to passage" into > straight production - it will remove confusion, noise and this whole > debate we are having on certification. It does not carry liability > which i am sure none of the current service providers want to sign up > on - "You Ceritify with us and you will ABSOLUTELY be able to transact > clean HIPAA data with your partners". > > > 2. Will we all get there in time: > > "Given the number of trading partners that have to be compliant with > HIPAA, if each pair of trading partners is going to test with each > trading partner, we will never be able to finish the testing task". > > Someone also mentioned in one of the strings about domain expertise. > > Folks - i have news for everyone - even with "Third Party Testing" you > will never be able to finish this task on an industry wide basis - 40+ > years of EDI and please do not tell me that all companies have > implemented all the transaction sets they need to mplementat (which > have been defined crisply and established over a decase ago). There is > a lot of the confusion today because people are going through the > first implementation of the HIPAA standards. Who is a better domain > expertise for their business processes than the covered entities. > Given the almost clear IGs, good technologies for "Testing" and with > some maturity being achieved in HIPAA implementations it will become > very much like EDI implementations. We will go through similar pains, > similar gains, similar implementations, similar bottlenecks. We can > flaunt the Deadline Date all we want - i can assure you that MOST > covered entities will not be able to achive a great degree of > compliance by those dates. The process of the IGs getting cleaned up > and matured, covered entities understanding the implicit and explicit > details of implementing these IGs, business processes etc etc will > take more than a couple of years. HIPAA implementations are no > different than EDI implementations. Come 2003, 2004 and beyond users > are going to realize that it will boil down to the same stuff. Third party Testing or not there will be a significant population that will not be able to implement HIPAA data exchange standards > by the due dates. IT IS NOT HUMANLY POSSIBLE - you cannot automate the > entire process of partner ENABLEMENT. You need to start the process > of partner ENABLEMENT, and continue going through the cycles by > putting better process, technologies, awareness and education in > place. > > If service providers also possess domain expertise that is great, more > power to them in better serving their customers. I would expect any > software/ service provider in the HIPAA arena (or for that any > vertical) to posses domain expertise. > > > 3 It is all Testing, Testing & Testing: > > All these statements lend to one conclusion - call it "Testing". Just > like the white paper says Certification is enterprise-centric. And to > take it one step further, any particular vendor can proclaim that they > provide HIPAA Certification incluing their rules of certification. > > (a) Certification is not mandated and has never been clearly defined. > So why are we chasing this concept when we cannot even definitiely > define it. Lets stick with "Testing" till we are able to absolutely > with surety say this is what this concept means, this is how this > concept works, this is exactly where it will get you. > > (b)"The white paper describes testing in much more detail than > certification ......... " - the reason for it is because "Testing" > make sense and there is some meat to it. "Certification" - well i am > still grappling with the word and fumble everytime i have to explain > some what do you get with Certification over and above that you get > with "Testing". This paragraph makes the case for calling this > process what is actually is "Testing" - in this case it is provided by > a third party service. > > (c) "Certification of compliance of the HIPAA transactions is not an > easy process. You not only need to have both the EDI expertise and the > healthcare expertise, but you need to be able to produce a "provable" > result and stand behind it. This involves a very high liability." > > Does that mean that a vendor offering Certification is also > proclaiming that "hold me liable" - if once you are certified and you > are not successful with an implementation with your partner? > > (d) "There is no incompatibility between testing and certification. > One does not replace the other. Even if you are certified, you are > going to have to do some testing with your trading partner. However > the expense, effort, and time of the trading partner testing is > greatly reduced." > > Sorry, but i am still trying to figure out the difference between > these two words - all we are doing is testing, testing and testing. A > submitter will go to a trading partner and say "I Tested with such service". > > (e) Someone just recently mentioned, just like i had asserted couple > of months ago, that most of the guidelines are clean and clear with a > few ambiguties. Well in that case the concept of HIPAA Testing fits > in very well. We will have providers of HIPAA products & services > offer HIPAA "Testing" products and services just like it has been done > in the EDI world for decades - and any covered entity can leverage it. > > (f) Let the white paper call for partners to do "Testing" and each > individual service/ solution provider (who chooses to do so) can > promote the idea that when entities Test with them they will Certify > them per certain rules/ critiera, publish directory of passed > submitters etc etc. > > (g) No one is telling me when does "Certification" start and end, how > many times does one require "Certification", how often do we "Certify" > - and if you have to do "Certification" often and regular - then that > is "Testing" not "Certification" > > (h) By "Testing" you can (i) Assist in identifying problems or issues > within one's implementation (ii) Reduce (not Remove) the bottleneck of > end-to-end mass partner testing and (iii) Scrutinize trading partners. > Certification does not give you anything extra. > > > 4. Larry mentioned "The WEDI SNIP white paper simply uses the term > 'certification' to indicate that an independent 3rd party is willing > to make a public statement about an entity's transactions ........." > > Larry i APPLAUD you for this comments. You have articulated the right > concept with the correct positioning. The paper does not communicate > this and i will personally be willing to provide the edits to the > paper in the next revision to clear up this confusion - and one thing > we MUST do is reduce the paper from 20+ pages to 4-5 pages - lets make > it brief, concise and fully focused on delivering a clear message with > no confusion. And i will be glad to take the lead on it. > > Someone mentioned Vendors should not tell businesses how to do > business. That is absolutely right. And that is another argument to > take the word "Certification" out. Certification breeds > interpretations and that is exactly what a vendor should not be > getting into. Testing is testing, is it a process or way of getting to > the finish line. > > In all of this, nowhere am i or for that matter most of the emails i > have seen one says that "Third Party Testing" is not a good idea - it > is a very good idea. But lets call a spade a spade and users should > know how far does that "Testing" gets them. IT IS A NICE TO HAVE - IT > IS NOT DEFINITIVE, IT IS NOT COMPLETE AND IT WILL NOT GET YOU TO THE > FINISH LINE OR EVEN CLOSE TO THE FINISH LINE. IT PROVIDES YOU WITH > SOME RIGOUR AND DISCIPLINE - LIKE TRAINING BEFORE YOU WANT TO RUN THE > MARATHAN. > > Maybe it is just me, but if i took every email in this thread and > substituted "Testing" for "Certification" i think almost all the > issues will become mute, all questions and concerns raised will be > answered. Because of the focus of the white paper and the inherent > meaning of "Testing" or "Certification" the concept will stick better. > Then lets work in clearly defining "Certification" and then promote it > to the community. > > I sincerely hope that every EDI service provider, every clearinghouse > and others provides HIPAA "Testing" services - that is the best way to > serve the industry and make a meaningful impact. Like i said > "Testing" is just one component of ENABLEMENT. > > Sunny Singh > Edifecs > www.edifecs.com <http://www.edifecs.com/> > <http://www.hipaadesk.com/> www.HIPAADesk.com - "A Free Online HIPAA > Testing Service" > 425-250-0070 > 425-922-0838 (c) > > > > > To be removed from this listserv, please email [EMAIL PROTECTED] > <P>The WEDI SNIP listserv to which you are subscribed is not > moderated. The discussions on this listserv therefore represent the > views of the individual participants, and do not necessarily represent > the views of the WEDI Board of > Directors nor WEDI SNIP. If you wish to receive an official opinion, > post your question to the WEDI SNIP Issues Database at > http://snip.wedi.org/tracking/. Posting of advertisements or other > commercial use of this listserv is specifically prohibited. > -- This email contains confidential information intended only for the named addressee(s). Any use, distribution, copying or disclosure by any other person is strictly prohibited. To be removed from this listserv, please email [EMAIL PROTECTED] <P>The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
