I am heading up the HIPAA transactions compliance project at my hospital and I have a couple of questions for you. As a background, we submit claims to Medicare, Medicaid, Trigon of Virginia, and the remainder through various clearinghouses. Trigon and Medicare are using Claredi as their certification service. Trigon sent us a letter recently stating that we much certify in order to continue doing business with them. Medicare requires the same.
One question I believe was covered at the HIPAA Summit in DC recently, but I would like a more detailed response: If we use vendor code which has been certified compliant, do we as a healthcare provider also have to certify that our transactions are compliant. I believe the answer is "yes" but I would like reasons that I can take back to justify the time and expense. It is understood that business to business testing would be required. On the same note, if the clearinghouses have been certified do we have to certify our transactions or merely test with the clearinghouses? If so, please justify that for me. I had thought that the Summit dialog supported a "no" response to this question, but in the Claredi documentation it appears that we would be expected to certify our transactions coming out of the clearinghouse. Thank you, Alice L. Davis, CISA, CISSP Information Security Manager - VCU Health Systems Richmond, VA (804) 628-1144
