Jerry, You asked where does the responsibility of being compliant begin and end?
Yes it is true that you would have the bulk of the testing work, given that have to verify your internal systems will send and receive compliant transactions. You would also have to verify that your interfaces can accept your transaction and vice-versa. The latter being a beta testing initiative. There are a couple of different scenarios. 1) Both you and your business partner have been "certified". You would then want to schedule a testing effort to verify both systems can send, receive and programmatically process your specific test cases. You would want to test end-to-end transactions, communication protocols and possibly performance tests to ensure your relationship with your partner is completed tested. This would be more of a cursory review to ensure all the various technologies are working together as you would already know your EDI capabilities. 2) One or none of the parties is "certified". This would entail a much more robust testing effort given that you don't know the levels of capabilities of your interfaces. You could assume this effort will take much longer as you need to work through test cases that may have defects on both sides of the interface relationship and the delays in correcting the defects and re-testing. I would not recommend this type of testing initiative. You can relate this to Y2K where vendors or interfaces would have to be "certified" that there transactions were compliant prior to allowing them continued access of sending files to the production environment. The main difference is of course non-compliant dates would cause abends in production, non-compliant EDI transactions can be rejected via front-end edits and back-end edits, but would certainly increase production support workloads. This goes back to the point of running dual systems until at such time all of your interfaces were compliant with the new implementation guidelines. I would suggest looking at your configuration management practices for transaction sequencing and "live" dates for your interfacing partners, to help alleviate this concern. This is by no means a less than monumental internal testing and coordination effort. Although, there are quite a few technologies available to assist you with this process. This may just confirm what you already know, if not I hope it added a little insight. Regards, Mark A Lott CIO HIPAA Testing, Inc. 480-946-7200 �Automating HIPAA Compliance� CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request.
