Bill, This was discussed somewhere recently and I'll try to attach the TG8 opinion letter on the should/must deal. If it does not go through, please contact me privately and I can email it. -Chris
At 11:05 AM 4/26/02 -0700, Bill Chessman wrote: >Okay, I admit, though fairly familiar with EDI, my HIPAA knowledge is >limited and only recently won. Here's the crux of my thoughts. According >to the IGs the phrase NOT USED means <copyandpaste source="004010X096">This >item should not be used when complying with this implementation >guide.</copyandpaste> > >I'm not clear from the discussion: does "should not" equal "must not" as far >as HIPAA rules go? If something is transmitted that falls in this "should >not" zone, is the sender liable for fines, imprisonment, wrist slaps, >summary execution or other appropriate punishment? If HIPAA "should not" is >"must not", then the answer is clearly to send additional (parallel, maybe >EDI, maybe XML, maybe proprietary--who cares?) documents. If that's the >case, it's enough to me to stop my line of inquiry. > >On the other hand, if "should not" really means "we don't think it's a good >idea but we can't stop you if you really really want to send this NOT USED >thing," then I submit it would be possible for a state to say, "gee, we need >you to send this additional stuff (in the very same 837) that doesn't >supersede/violate HIPAA but provides us [the state] with some very important >data." I stress here additional data that doesn't countermand or violate >any of the HIPAA requirements. (One motivation for such a stance would be >to avoid having a plethora of different brands of documents transmitted.) > >Does the final rule, somewhere therein, give an iron-clad statement that >though shalt not use NOT USED items under penalty of grievous punishment? > >Best regards, >Bill Chessman >Peregrine Systems, Inc. > >-----Original Message----- >From: Rachel Foerster [mailto:[EMAIL PROTECTED]] >Sent: Thursday, April 25, 2002 12:28 PM >To: [EMAIL PROTECTED] >Subject: RE: States' roles in HIPAA IG vs. X12 Compliance > > >Bill, > >Here's my comments inline to your questions posed below. > >Rachel >Rachel Foerster >Principal >Rachel Foerster & Associates, Ltd. >Professionals in EDI & Electronic Commerce >39432 North Avenue >Beach Park, IL 60099 >Phone: 847-872-8070 >Fax: 847-872-6860 >http://www.rfa-edi.com > > >-----Original Message----- >From: Bill Chessman [mailto:[EMAIL PROTECTED]] >Sent: Thursday, April 25, 2002 12:37 PM >To: [EMAIL PROTECTED] >Subject: States' roles in HIPAA IG vs. X12 Compliance > > >All this talk about the HIPAA IG and X12 Compliance and 997 vs 824 vs >something completely different has my head spinning a little bit. Another >thing that was mentioned made me wonder about how the state laws may fit >into this jigsaw puzzle called HIPAA Compliance. > >In trying to keep my volume of e-mail archives to a minimum, I confess I've >lost the name of the person who posted the remark, but it went something >like, "what about state-level mandates for specific data used for >statistical analysis, epidemiological tracking, etc. and how does that >affect segments which are deemed in the HIPAA IGs as NOT USED?" > ><ref>No affect whatsoever to the HIPAA IGs. They are mandated by federal law >for the specific purpose defined in the law/rule and in accordance with the >standard set forth in the law. If states want other or additional data >beyond the specific data allowed within a specific HIPAA guide, they are >well within their states' rights to require additional transactions. In this >case they are then not the HIPAA mandated transaction, but another set of >data in another transaction....it's just not a HIPAA transaction. These >transactions could also be based on the full X12 transaction specification, >but subsetted to suit the needs. For example, if the X12 837 can support >additional information needed for statistical analysis, etc. there is no >prohibition against a state, or any other entity for that matter, using the >837 for that purpose. There's no conflict with HIPAA since it's not the >transaction as specified in the law. For example, here's what the law says >is a claim: > >Health care claims or equivalent encounter information: >A transmission from a provider to a health plan to > Request payment > Provide necessary accompanying information > Provide encounter information for the purpose of reporting health >care > No direct claim, because the reimbursement contract is based >on a >mechanism other than charges or reimbursement rates for >specific services > >Designated Standards: >Retail pharmacy drug claims > NCPDP Telecommunication Standard Implementation Guide, Version 5 >Release 1, >September 1999 > NCPDP Batch Standard Batch Implementation Guide, Version 1 Release >0, >February 1, 1996 >Institutional Health Care Claims > ASC X12N 837-Health Care Claim Version 004010X096 >Dental Health Care Claims > ASC X12N 837-Health Care Claim Version 004010X097 >Professional Health Care Claims > ASC X12N 837-Health Care Claim Version 004010X098 > >Any entity is free to use the X12 837 for other purposes outside of this in >any way it chooses, assuming of course, that it does so with the purpose and >scope of the 837. > ></ref> > >Is there any precedent for putting state laws on top of federal laws? > ><ref>Of course there's precedent for state laws to expand on federal >laws....the Uniform Commercial Code is a good example, as is UETA, the >Uniform Electronic Transactions Act. In these two examples, each state is >free to adopt/adapt the federal act as it deems necessary within its own >jurisdiction.</ref> > >By that I don't mean as an attempt to supersede, but rather as an attempt to >augment. If the state says, "we want to do everything that's called for in >HIPAA but there's also this other stuff we want in addition"...would that be >possible? legal? on the horizon? > >Also, if so, would we likely expect some states to issue their own "HIPAA++" >IGs? Is this something that might need to be taken into consideration? > ><ref>States cannot supercede the HIPAA electronic transaction final rule. >Since HIPAA is federal law, it crosses all state boundaries and applies to >all states, whether business is conducted intra- or inter-state.?ref> > >Also, what happens if the claim is across state lines and both have their >own HIPAA++ requirements (scenario 1: they kind of overlap, scenario 2: they >conflict)? > ><ref>If it's a claim, then all covered entities must comply with the claim >specification set forth in the federal law. The HIPAA Electronic Transaction >Final Rule **supercedes** any state law to the contrary except if that state >law is necessary to prevent fraud and abuse.</ref> > ><ref>Furthermore, states are free to enact their own laws and regulations >regarding the prompt payment of health care claims....and many states have >already done so, e.g., New Jersey, Texas. Some states are also using the >term "clean claim", but are conveniently not defining what constitutes a >clean claim.</ref> > ><ref>Clear? Or clear as mud!!</ref> > > > > >Just thinking "aloud." > >Best regards, >Bill Chessman >Peregrine Systems, Inc. Christopher J. Feahr, OD http://visiondatastandard.org [EMAIL PROTECTED] Cell/Pager: 707-529-2268
N0800_Opinion_Data_Element.PDF
Description: Adobe PDF document
