Rachel, It is both. The software or the vendor or the clearinghouse needs to be compliant. They need to have the capability to send or receive HIPAA compliant transactions. Without that capability, none of their customers can be compliant.
Once the capability of the software is demonstrated, each user of that software needs to be certified. Why? The two most important reasons are: - This software is not "shrink wrap" and is customized for each site. Even in the case of a clearinghouse, the transmissions between the provider or payer and the clearinghouse use a variety of formats, some of which may not have all the data necessary for compliance. - HIPAA is a lot more than data format, it is data content. If the required data content, or the situational data content, is not present, regardless of the software ability, the transaction is not compliant. So, the users themselves need to be aware of the "situational" requirements of HIPAA that apply to their business. At the end, it is the user that is the covered entity and needs to be in compliance, as you well said. A vendor or clearinghouse representing that just because their software has the capability of producing / receiving compliant transactions, all of their customers will be automatically compliant with the HIPAA transactions is either misleading the customers or does not quite understand what is it that it means to comply with the transactions. Sorry about the harsh words, but some people need to wake up to reality. As you know, the system vendors are not covered entities, and most of them are probably not even business associates. Just my $.02 worth. Kepa On Tuesday 16 April 2002 09:18 pm, Rachel Foerster wrote: > My opinion is that it's the software that's certified, not the corporate > entity. The software must create/process complying transactions so the > software must be certified. > > In other industries and other areas of electronic commerce, many of the > standards development organizations also create what's called "conformance" > requirements that developers can use to validate that the software they > develop does indeed "conform" to the standard specification. > > This is what HIPAA certification does. > > But, there's another aspect to this. That is, that software is not "HIPAA" > compliant....it's only a tool that enables the user to process transactions > that comply with the specifications. But, my viewpoint is that software can > be certified as having the ability to process transactions that comply with > the guides, but the user can mis-use or misunderstand how to configure a > software and thus actually create non-compliant transactions. > > So, software can be certified, but it's the covered entity that complies > with the law and the regulations. > > Rachel > Rachel Foerster > Principal > Rachel Foerster & Associates, Ltd. > Professionals in EDI & Electronic Commerce > 39432 North Avenue > Beach Park, IL 60099 > Phone: 847-872-8070 > Fax: 847-872-6860 > http://www.rfa-edi.com > > -----Original Message----- > From: Natasha Farvan [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 16, 2002 5:01 PM > To: [EMAIL PROTECTED] > Subject: Certification > > > > > > I'm in the process of creating a TCI software vendor readiness > questionnaire and one of my questions is if they are certified. But then it > occurred to me does the certification apply to the entity or the > application? > > Your input is appreciated. > > Natasha Farvan > Sr. I.S. Project Leader > HIPAA Transactions & Code Sets Project Manager > Information Technology Group > Oregon Health & Sciences University > 1500 SW First Ave Ste 100B > Portland, OR 97201 > Mailcode: Crown > Tel (503) 494-0561 > Fax (503) 494-4626 > > > ********************************************************************** > To be removed from this list, send a message to: > [EMAIL PROTECTED] > Please note that it may take up to 72 hours to process your request. > > ================== > The WEDI SNIP listserv to which you are subscribed is not moderated. The > discussions on this listserv therefore represent the views of the > individual participants, and do not necessarily represent the views of the > WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official > opinion, post your question to the WEDI SNIP Issues Database at > http://snip.wedi.org/tracking/. > Posting of advertisements or other commercial use of this listserv is > specifically prohibited. > > > > ********************************************************************** > To be removed from this list, send a message to: > [EMAIL PROTECTED] Please note that it may take up to 72 hours to > process your request. > > ====================================================== > The WEDI SNIP listserv to which you are subscribed is not moderated. The > discussions on this listserv therefore represent the views of the > individual participants, and do not necessarily represent the views of the > WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official > opinion, post your question to the WEDI SNIP Issues Database at > http://snip.wedi.org/tracking/. Posting of advertisements or other > commercial use of this listserv is specifically prohibited. -- This email contains confidential information intended only for the named addressee(s). Any use, distribution, copying or disclosure by any other person is strictly prohibited. ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. ====================================================== The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
