Del, As you are probably aware you are considered a fiscal intermediary or fiscal agent. I would assume the DOJ you were referring to was the state attorney general's office. I would think the state social welfare agency you report to would have general counsel.
Since you are a fiscal intermediary you probably have a contract with the state that covers all aspects of your relationship including upgrades to existing MMIS systems. You are in a little bit of sticky situation since both you and the state are CE's. If your DDE is non-compliant and the state says it is compliant and refuses to pay for any upgrades you do have an issue to resolve. With most states having budget shortfalls you might be hard pressed to get any changes made, although CMS does subsidize state MMIS systems. As I heard one CMS person say they will pay for MMIS upgrades directly related to Medicaid changes but not for HIPAA related upgrades. Good luck. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 425-260-5030 -----Original Message----- From: Del Texley [mailto:dtexley@;lipa.net] Sent: Friday, October 18, 2002 3:49 PM To: [EMAIL PROTECTED] Subject: RE: State Online system We are a sub-contractor (Health Plan) of the state for MediCare, we pay the claims that the providers submit to us, then pass the encounter data to the state. Since we are functioning as a Health Plan we are considered at Covered Entity. Providers and Plans can use the online system to verify eligibility and see limited claims history. The DoJ I was referring to was the Dept. of Justice in our state, not at the national level. > Del, > > I think the first most important test to determine whether this > constitutes DDE under HIPAA is to ask who's using it? That is, if it > is health care providers who are accessing eligibility and claims > status information, then it falls under the DDE exception as set forth > in > > ? 162.923 Requirements for covered entities. > > (b) Exception for direct data entry transactions. A health care > provider electing to use direct data entry offered by a health plan to > conduct a transaction for which a standard has been adopted under this > part must use the applicable data content and data condition > requirements of the standard when conducting the transaction. The > health care provider is not required to use the format requirements of > the standard. > > Key points: > 1. a health care provider uses the system > 2. the system is offered by a health plan > > If this doesn't pass this test, then it's my opinion that it's not DDE > as defined by HIPAA. > > Additionally, the Department of Justice has not weighed in on anything > yet regarding enforcement/compliance with HIPAA. > > Rachel Foerster > Principal > Rachel Foerster & Associates, Ltd. > 39432 North Avenue > Beach Park, IL 60099 > Voice: 847-872-8070 > Fax: 847-872-6860 > eMail: [EMAIL PROTECTED] <mailto:rachel@;rfa-edi.com> > http://www.rfa-edi.com > > > -----Original Message----- > From: Del Texley [mailto:dtexley@;lipa.net] > Sent: Thursday, October 17, 2002 12:03 PM > To: [EMAIL PROTECTED] > Subject: State Online system > > Our state has an online system to look at eligibility and > claims/encouter data. It's just a mainframe/telnet session via > dialup, leased line or internet. > > At a meeting yesterday we were given information about some minor > changes to the system and of course it was asked what would be > replacing it for HIPAA compliance. Imagine our surprise when the > state informed us the system would continue in it's current form > indefinately. > > When quizzed about HIPAA issues we were told the Dept. of Justice had > determined that the system was "not DDE" because "no claims data was > input via the system" and was not performing HIPAA transactions > because "no files were being transferred" and was therefore exempt > from HIPAA. > > The stand of the contractors in the meeting was that regardless of > whether the system was or wasn't DDE (which it is), the system was > transmitting PHI in an electronic format and therefore was required to > adhere to privacy requirements, such as encryption of the data. > > I'm gathering information to send to the contact person as part of a > request to revisit the classification of this system. Anybody have > some suggestions on documentation sources or comments on the > situation? > > Thanks > Del Texley LIPA Information Systems (541) 484 6430 ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. ====================================================== The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited. ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. ====================================================== The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
