HIPAA Technical Review

DCS EDI Specialists Experienced with HIPAA EDI System Requirements

When discussing document exchange the three areas of concern for HIPAA are document formats and communication protocols.

• The ANSI X12N standards are the guidelines used for document format definitions.
• HL7 standards govern electronic medical records.
• EDI INT AS2 standards outline the protocol required by HIPAA for secure data transmission.

An example of a document exchanged is a submission of a claim to a payer. The Health Care Claim document format is the Transaction Set 837. The claim is transmitted by secure Internet. (The transmission is secure due to the exchange of certificates, encryption of the message, connection filtering and more.) As exchange occurs without manual intervention, the process must have extensive controls. Thus, EDI Integration is a combination of document format, data transmission, and process management.

A typical development scenario would include selecting three payers, as variation within the standard is permitted.

1. From each payer, obtain specifications (documents expected, EDI and AS2 specifications, code lists, and the testing process).
2. The project plan is drafted and reviewed with I.T. and A.R. staffs.
3. The appropriate resources are identified and acquired and deliverables are set.

DCS’ EDI implementation, planning and development experience shows the primary snags that arise during this type of project are:

• Substantial delays or re-development occurs during testing with Trading Partners because of inaccurate or underdeveloped unit test plans during internal testing. This most often occurs because the looping structure of EDI documents is not understood by the person developing the translation.
• Gap analysis is not completed, delaying a project because data required to be sent to the Trading Partners are not in the application tables or similarly no fields are available for data received.
• Cross-reference data is not defined appropriately. This often occurs because the developer is not familiar with the actual business practices of your organization and makes incorrect assumptions.
• Data transmission is halted because of network and Internet security. (Working with the firewall administrator is required).
• Lack of knowledge transfer due to I.T. turnover.
• Inadequate EDI support from application vendors.

You should also know that HIPAA required EDI data is also frequently sent to a database instead of a PMS. Several DCS customers have moved summary data into/out of Microsoft SQL Server^TM or Oracle 11g^TM databases for subsequent processing such as reporting. DCS role is to help with data table design for EDI data and then map the data into a database. Frequently, DCS customers can save development cost by doing the business application and reporting themselves after DCS sets up programs to load the tables. Working jointly processes are swift and reliable.

Learn more on how DCS EDI Consultants can assist you with your HIPAA data transmissions with your free assessment.