Laura, Neither of your cites are from the actual language of the final rule. Rather, the first is from the preamble and the second, as you note, is from the DHHS FAQs. IVR systems appear to NOT fall under the DDE exception, thus my conclusion is that IVR, as well as fax, do not have to meet any of the electronic transaction final rule requirements. However, the privacy rule requirements still apply.
I'd get a reading from your own legal counsel on this. Rachel -----Original Message----- From: Mosesso, Laura [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 02, 2002 3:53 PM To: [EMAIL PROTECTED] Subject: TCS: Voice Response Systems > I am in search of clarification regarding Voice Response System > requirements under the TCS rule. > > Page 50315 of the 8/17/00 Federal Registrar states that telephone voice > response [systems] must conform to the data content portion of the > standard, but not the format. > > "Certain technologies present a special case for the use of standard > transactions. We proposed that telephone voice response, ''faxback'', and > Hyper Text Markup Language (HTML) interactions would not be required to > follow the standard. We have since reevaluated this position in light of > the many comments on this position and on developments in the EDI industry > which continue to expand the options in this area. We have decided that, > instead of creating an exception for these transmissions, we will > recognize that there are certain transmission modes in which use of the > format portion of the standard is inappropriate. However, the transaction > must conform to the data content portion of the standard." > > But a 12/28/00 DHHS FAQ response states: > "Fax imaging and voice response transmissions are not subject to the > HIPAA transactions standards but may have to meet privacy and security > standards. Health plans may continue to offer these services, however, > they must still be able to accept and send the HIPAA standard > transactions." > And the Medicare Managed Care FAQ's posted 3/26/02 states: > "Voice response or fax systems do not have to meet the data content > requirements of the HIPAA standard." > > Can someone help clarify this seemingly conflicting information? > > Your feedback is appreciated. > > Laura A. Mosesso > Coventry Health Care > HIPAA/EDI Compliance Manager > Email: [EMAIL PROTECTED] > > > >
