I definitely go for "must = shall", but according to IETF RFC 2119, "should
!= shall". (Basically must and shall provide a mandate where should leaves
an opening.) I can't find the X12 docs for the terminology but would expect
it to be similar. (If I correctly read the TG8 opinion letter, as posted by
Dr. Feahr, it appears that TG8's conclusion is that "should" and "must"
("shall") are different.)
Maybe the guides, in the next cycle need to add an additional negative
situation: DEFINITELY NOT USED or MUST NOT BE USED.
In the meantime, I guess we'll all have to decide on our own interpretation
and hope they match up...
Best regards,
Bill Chessman
Peregrine Systems, Inc.
(though my opinions are my own and not necessarily reflective of my
management)
-----Original Message-----
From: Rachel Foerster [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 28, 2002 2:48 PM
To: 'Bill Chessman'; [EMAIL PROTECTED]
Subject: RE: States' roles in HIPAA IG vs. X12 Compliance
Bill,
No the final rule does not address the **actual** meaning of should, should
not, must, must not, etc. A work group at X12N is trying to address this and
remove any ambiguity.
I did forward to that work group the words and definitions used by the IETF
and almost all other global and national standards bodies regarding the use
of must, should, shall, reuqired, etc.
In the absense of any clarifying language in the HIPAA guides - and since
the authors chose **not** to follow the ANSI rules of using shall, shall
not, etc. on which all of the X12 standards are based, I'm taking the
position that should = shall, must = shall, etc. Personally, I don't think
this is a reach.
Rachel
Rachel Foerster
Principal
Rachel Foerster & Associates, Ltd.
Professionals in EDI & Electronic Commerce
39432 North Avenue
Beach Park, IL 60099
Phone: 847-872-8070
Fax: 847-872-6860
http://www.rfa-edi.com
-----Original Message-----
From: Bill Chessman [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 26, 2002 1:06 PM
To: '[EMAIL PROTECTED]'
Subject: RE: States' roles in HIPAA IG vs. X12 Compliance
Okay, I admit, though fairly familiar with EDI, my HIPAA knowledge is
limited and only recently won. Here's the crux of my thoughts. According
to the IGs the phrase NOT USED means <copyandpaste source="004010X096">This
item should not be used when complying with this implementation
guide.</copyandpaste>
I'm not clear from the discussion: does "should not" equal "must not" as far
as HIPAA rules go? If something is transmitted that falls in this "should
not" zone, is the sender liable for fines, imprisonment, wrist slaps,
summary execution or other appropriate punishment? If HIPAA "should not" is
"must not", then the answer is clearly to send additional (parallel, maybe
EDI, maybe XML, maybe proprietary--who cares?) documents. If that's the
case, it's enough to me to stop my line of inquiry.
On the other hand, if "should not" really means "we don't think it's a good
idea but we can't stop you if you really really want to send this NOT USED
thing," then I submit it would be possible for a state to say, "gee, we need
you to send this additional stuff (in the very same 837) that doesn't
supersede/violate HIPAA but provides us [the state] with some very important
data." I stress here additional data that doesn't countermand or violate
any of the HIPAA requirements. (One motivation for such a stance would be
to avoid having a plethora of different brands of documents transmitted.)
Does the final rule, somewhere therein, give an iron-clad statement that
though shalt not use NOT USED items under penalty of grievous punishment?
Best regards,
Bill Chessman
Peregrine Systems, Inc.
-----Original Message-----
From: Rachel Foerster [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 12:28 PM
To: [EMAIL PROTECTED]
Subject: RE: States' roles in HIPAA IG vs. X12 Compliance
Bill,
Here's my comments inline to your questions posed below.
Rachel
Rachel Foerster
Principal
Rachel Foerster & Associates, Ltd.
Professionals in EDI & Electronic Commerce
39432 North Avenue
Beach Park, IL 60099
Phone: 847-872-8070
Fax: 847-872-6860
http://www.rfa-edi.com
-----Original Message-----
From: Bill Chessman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 12:37 PM
To: [EMAIL PROTECTED]
Subject: States' roles in HIPAA IG vs. X12 Compliance
All this talk about the HIPAA IG and X12 Compliance and 997 vs 824 vs
something completely different has my head spinning a little bit. Another
thing that was mentioned made me wonder about how the state laws may fit
into this jigsaw puzzle called HIPAA Compliance.
In trying to keep my volume of e-mail archives to a minimum, I confess I've
lost the name of the person who posted the remark, but it went something
like, "what about state-level mandates for specific data used for
statistical analysis, epidemiological tracking, etc. and how does that
affect segments which are deemed in the HIPAA IGs as NOT USED?"
<ref>No affect whatsoever to the HIPAA IGs. They are mandated by federal law
for the specific purpose defined in the law/rule and in accordance with the
standard set forth in the law. If states want other or additional data
beyond the specific data allowed within a specific HIPAA guide, they are
well within their states' rights to require additional transactions. In this
case they are then not the HIPAA mandated transaction, but another set of
data in another transaction....it's just not a HIPAA transaction. These
transactions could also be based on the full X12 transaction specification,
but subsetted to suit the needs. For example, if the X12 837 can support
additional information needed for statistical analysis, etc. there is no
prohibition against a state, or any other entity for that matter, using the
837 for that purpose. There's no conflict with HIPAA since it's not the
transaction as specified in the law. For example, here's what the law says
is a claim:
Health care claims or equivalent encounter information:
A transmission from a provider to a health plan to
Request payment
Provide necessary accompanying information
Provide encounter information for the purpose of reporting health
care
No direct claim, because the reimbursement contract is based
on a
mechanism other than charges or reimbursement rates for
specific services
Designated Standards:
Retail pharmacy drug claims
NCPDP Telecommunication Standard Implementation Guide, Version 5
Release 1,
September 1999
NCPDP Batch Standard Batch Implementation Guide, Version 1 Release
0,
February 1, 1996
Institutional Health Care Claims
ASC X12N 837-Health Care Claim Version 004010X096
Dental Health Care Claims
ASC X12N 837-Health Care Claim Version 004010X097
Professional Health Care Claims
ASC X12N 837-Health Care Claim Version 004010X098
Any entity is free to use the X12 837 for other purposes outside of this in
any way it chooses, assuming of course, that it does so with the purpose and
scope of the 837.
</ref>
Is there any precedent for putting state laws on top of federal laws?
<ref>Of course there's precedent for state laws to expand on federal
laws....the Uniform Commercial Code is a good example, as is UETA, the
Uniform Electronic Transactions Act. In these two examples, each state is
free to adopt/adapt the federal act as it deems necessary within its own
jurisdiction.</ref>
By that I don't mean as an attempt to supersede, but rather as an attempt to
augment. If the state says, "we want to do everything that's called for in
HIPAA but there's also this other stuff we want in addition"...would that be
possible? legal? on the horizon?
Also, if so, would we likely expect some states to issue their own "HIPAA++"
IGs? Is this something that might need to be taken into consideration?
<ref>States cannot supercede the HIPAA electronic transaction final rule.
Since HIPAA is federal law, it crosses all state boundaries and applies to
all states, whether business is conducted intra- or inter-state.?ref>
Also, what happens if the claim is across state lines and both have their
own HIPAA++ requirements (scenario 1: they kind of overlap, scenario 2: they
conflict)?
<ref>If it's a claim, then all covered entities must comply with the claim
specification set forth in the federal law. The HIPAA Electronic Transaction
Final Rule **supercedes** any state law to the contrary except if that state
law is necessary to prevent fraud and abuse.</ref>
<ref>Furthermore, states are free to enact their own laws and regulations
regarding the prompt payment of health care claims....and many states have
already done so, e.g., New Jersey, Texas. Some states are also using the
term "clean claim", but are conveniently not defining what constitutes a
clean claim.</ref>
<ref>Clear? Or clear as mud!!</ref>
Just thinking "aloud."
Best regards,
Bill Chessman
Peregrine Systems, Inc.
