Patrice-
I agree that for the
purpose of HIPAA certification, 1 – 7 is sufficient.
Regarding the use of
real or false testing data – there is tremendous pressure on vendors and
clearinghouses to get “certified”. This has nothing to do with the time
saving aspects of testing. It’s done almost solely to satisfy the
demands of a market place that have been led to believe that a vendor’s
certification is crucial to the success of their HIPAA project.
This despite the fact that the market has no idea what certification
actually means. It would be relatively easy for a vendor to run through
the certification exercise without ever actually sending or receiving a
compliant transaction using the software product they’re supposed to be
supporting. It would satisfy the market in a big way to do so. Now
they have months of benefiting from “certification” and enough time to
actually implement the real thing (without certification). I know most
vendors are honest business folk who would never consider this but one bad
apple could give certification a bad name.
-----Original
Message-----
From: Thaler,
Patrice M [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 02, 2002 10:01
AM
To: WEDI SNIP Testing
Subworkgroup List
Subject:
RE: VALIDATION or Certification
Regarding 1-2 below:
In my presentation I was
trying to show that testing for types 1-7 is good enough. The industry already
submits most claims electronically. Most providers have figured out business
rules (e.g. that the date of death must not be before date of birth.) There
will be a few new providers to this process and long term it might be good to
have vendors check for business rules - but for now I am approaching this as
the 80/20 rule. If I can get my claims or any other transaction through type
1-7 through a vendor tool - then I should be good to
go.
Also, WEDI/SNIP is about HIPAA compliance not
necessarily about business issues. Here is a sentence from SNIP mission
"The WEDI HIPAA SNIP Task Group has been
established to meet the immediate need to assess industry-wide HIPAA
Administrative Simplification implementation readiness and to bring about the
national coordination necessary for successful compliance" I
do not believe this group was tasked with solving all health care issues.
Regarding 5 below:
I believe the statements made about "wondering if the
CE used real data or did they create them artificially" just takes us down the
path of the old paradigm - Don't trust
your trading partner. I personally am beyond wondering if my
payer REALLY tested a real 835. If they took the time to explain to me that
they tested and passed type 1-7 edits then I think they are good to go. What
would be a reason for them to lie? To lengthen our testing time? To increase
our costs? I don't think so.
Patrice
Allina Hospitals and Clinics
-----Original
Message-----
From: Kepa Zubeldia [mailto:[EMAIL PROTECTED]]
Sent:
Tuesday, November 26, 2002 12:15 AM
To: WEDI SNIP Testing Subworkgroup
List
Subject: Re: VALIDATION or
Certification
Marcallee,
Thank you. Now we are getting
back on track. Let me address your points.
1. and 2. There are a
number of good reasons why transactions that are
correct from the EDI
perspective and from the HIPAA IG perspective will fail
the business use of
the transaction. For instance, if the dates are out of
"sequence",
there will be no HIPAA errors detected (HIPAA does not require
that the
date of birth be before the date of death) but the transaction could
very
well fail the business logic. A transaction without HIPAA errors is
not
necessarily a good business transaction. If you are interested, I
can get you
more specifics out of band. The example was just that, an
example, but you
get the feel, right?
3. What is a claim? Is
it the entire 837 with hundreds of 2300 loops, or is
it each one of the
2300 loops? From the business perspective of healthcare,
it is each
one of the 2300 loops. From the EDI perspective, it could well be
the
entire 837. It would be nice to get a clarification from HHS on this,
as
it could very well affect the penalties. I believe the covered
entities are
required to have perfect claims, but we need to know the scope
of a claim.
See point #4. As for the certification, both should be
measured, how many
2300 loops are good and how many ST-SE transactions are
good. The number of
2300 loops per ST-SE is another important
metric. Of course, I am assuming
that all transactions must at least
be compliant with X12 syntax or the whole
ST-SE would be bad. But,
will a bad ZIP code cause an entire 837 to be bad
even if it only happens
in one out of 10,000 claims? I say that is too
drastic a
position.
4. Excellent point. What is the threshold to claim
"compliance" ? Can I
claim compliance because 1% of my claims are
correct? How high should it
get? Can I claim compliance if my
correct claim percentage is 50%, 75%, 85%,
90%, 95%, 97%, 99%? I just
picked some numbers. Who has the answer to this
one? Currently
the industry operates at around 95% - 97% correct claims. In
fact,
when a provider tests with Medicare they are supposed to be at least
95%
clean before going to production. So, is that the threshold? Or
has
HIPAA become 100% clean or nothing? I would like to suggest that
SNIP makes
some consensus recommendations in this area. Lacking an
industry consensus,
it will be left up to the trading partners to set their
own thresholds.
5. How do we know the certified entity used real
data? First they should be
required to only use real data by
contract. Then the certification should
disclose how they obtained
the certification. How many transactions they
certified? Was it
only a handful, or was it a real substantial number of
transactions.
It is very difficult to create large numbers of test claims
(large being a
relative measure, depending on the entity) My gut feeling
(not very
scientific) tells me that the number of claims certified should
correspond
to about one week worth of business or more. Then, if the
tested
transactions were artificially created, they will probably be
monotonous, and
that should be reflected in the details of the
certification. The details of
the certification should represent a
real live situation for that provider,
including the quantity and types of
claims (quality) that represents that
specific provider. If the
certification discloses these facts, then cheating
the system by certifying
concocted data becomes self defeating.
Do we have other
assertions?
Kepa
On Monday 25 November 2002
10:16 pm, Marcallee Jackson wrote:
> Rachel - My first message was my
way of saying "cool it". I know that
> you know there are few on
the list that enjoy a good debate the way I
> do, so I'm not going to
take your comments on that personally. I'm also
> not going to
beat a dead horse so let's move on to the issue of
> "certification".
Separating product from process, if I understand the
> assertion being
made for certification, it is that:
>
> 1. Certification
summarizes for the tester the results of the business
> scenarios
included in the test.
> 2. Certification allows an aggregate
report of capabilities, thereby
> protecting PHI.
> 3.
Certification assumes a less than 100% compliant file is to be
>
expected and so the pass rate should be identified and clients should
be
> certified if even one transaction proves to be
compliant.
>
> But I don't understand a few
things:
>
> 1. In the example given earlier, the provider
was able to produce HIPAA
> compliant primary claims but not secondary
claims. Shouldn't the
> secondary claims have failed the
test?
> 2. 89% of consultations failed certification.
Shouldn't those have
> failed the test?
> 3. Is it OK to be
compliant with some of the transactions you send, or
> are CE's required
under the law to be fully compliant?
> 4. If in fact an entity
with a less than 1% pass rate can announce to
> the
> World that
it has met "certification" requirements through a third party
> testing
and certification authority, what does that mean for the
>
industry?
> 5. Doesn't certification imply some independent
analysis and
> verification of validity? If so, how do we know
that the certifying
> entity used real data? What's to stop a
vendor, provider or payer from
> building rather than producing a
compliant transaction and certifying
> it?
>
> Hope
this sets an example of vendor free jargon and assists in the
>
discussion on this topic.
>
> Marcallee
---
The WEDI
SNIP listserv to which you are subscribed is not moderated. The discussions on
this listserv therefore represent the views of the individual participants,
and do not necessarily represent the views of the WEDI Board of Directors nor
WEDI SNIP. If you wish to receive an official opinion, post your question to
the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs
should not be used for commercial marketing purposes or discussion of specific
vendor products and services. They also are not intended to be used as a
forum for personal disagreements or unprofessional communication at any
time.
You are currently subscribed to wedi-testing as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but
your current email address is not the same as the address subscribed to the
list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which
you are subscribed is not moderated. The discussions on this listserv
therefore represent the views of the individual participants, and do not
necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP.
If you wish to receive an official opinion, post your question to the WEDI
SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should
not be used for commercial marketing purposes or discussion of specific vendor
products and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.
You
are currently subscribed to wedi-testing as: [EMAIL PROTECTED]
To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but
your current email address is not the same as the address subscribed to the
list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---