RE: SV: [Fwd: Re: [xml-dev] Edi complexity, does ebxml really reduce it?]

Whoa, Monica! Back off a bit! Please note that my comments are specific to
the Health Insurance Portability & Accountability Act and its enabling
regulations. HIPAA specifically addresses standards for health care claims
and other financial transactions. I have applauded the CDC's and HL7's
support, endorsement and adoption of the ebMS - and have also been a vocal
supporter of ebXML in all of the health care venues in which I
Furthermore, it is my hope that CDC and HL7 may lead the way to DHHS/CMS
relaxing its current position re the use of the Internet. As per the
from this PM:

Program Memorandum Department of Health &
Human Services (DHHS) Intermediaries/Carriers Centers for Medicare &
Medicaid Services (CMS)
Transmittal AB-02-145
Date: OCTOBER 25, 2002
SUBJECT: Electronic Patient Records Via Non-Internet Means
Recently, a number of contractors have asked whether it would be a
of CMS security
policy to allow a provider to send electronic patient records to the
contractor via non-Internet means.
Electronic patient records are patient medical diagnosis and treatment
documentation in any
combination of text, graphics, data, audio, pictorial, or other
representation in digital
form that is created, modified, archived, retrieved, or distributed by a
computer system. The purpose
of this Program Memorandum (PM) is to clarify the CMS policy with respect to
the authority the
contractor has to accept electronic patient records from providers via
telecommunication networks.

Section 5 of the Business Partners Systems Security Manual
117_systems_security/BP_Sys_Security_man.asp) states that Health care
transactions (such as
claims, remittances, medical records, etc.) "are prohibited between
and providers over the Internet. This Internet prohibition also applies to
using the Internet to
transport CMS Privacy Act-protected data between carriers/intermediaries
any other party. (See
http://www.hcfa.gov/security/isecplcy.htm for a definition of protected
data.). [emphasis added]"
The Manual is silent on the transmission of electronic patient records
non-Internet networks
(e.g., dial up telephone lines, leased telephone lines, private networks).

Notwithstanding the CDC and HL7 efforts, CMS (The Centers for Medicare and
Medicaid Services), within the U.S. Department of Health & Human Services,
continues to steadfastly prohibit the use of the Internet for the
transmission of Medicare patient data, and this prohibition is
the effective use of Internet web-based solutions for the electronic
exchange of health care claim attachments, among others.

Neither the CDC nor HL7 are subject to the HIPAA legislation and its
enabling regulations.

And lastly, even though ebMS addresses the issue of security, etc., it does
not ipso facto mean that there are now affordable, easy-to-use,
interoperable encryption solutions that can be used by the vast majority of
small health care providers, health plans, billing services, and the
small businesses providing services to health care. Actually, as a result of
HIPAA's privacy and security regulations many health care provider
organizations now have prohibited the use of email until such time as such
easy, affordable and interoperable solutions are available. Additionally,
many small health care providers won't even allow Internet access to their
office staff. The health care industry has miles to go before it will be
ubiquitously leveraging the Internet and portions of the ebXML framework.


-----Original Message-----
From: Monica J. Martin [mailto:Monica.Martin@Sun.COM] 
Sent: Tuesday, July 13, 2004 1:00 PM
To: rachel@rfa-edi.com
Cc: ebxml-dev@lists.ebxml.org
Subject: Re: SV: [Fwd: Re: [xml-dev] Edi complexity, does ebxml really
reduce it?]

>Foerster: The second major hurdle is the HIPAA Security Regulation 
>which requires that HIPAA covered entities must **address** the use of 
>encryption when using insecure networks to transmit electronic 
>protected health information (ePHI). Given that more than 80% of health
>care organizations in the U.S.
>can be classified as small businesses, they are totally reliant on 
>their application systems and other vendors to provide the enabling 
>technologies at an affordable cost. Without a **standard** 
>interoperable encryption solution that can be used by the hundreds of 
>thousands of small healthcare providers as easily as they use a fax 
>today with diverse and disparate systems, exploiting the Internet and 
>ebXML will remain a dream and a vision (although one that I've been 
>dreaming of for years!!!)
mm1: Then answer why a major health related exchange has implemented the
of ebMS and encryption, the Center of Disease Control and why HL7 is
recommending use of ebMS? Reference for both at: www.ebxmlforum.org/
(former). Making generalized statements can only cause confusion. Thanks.

The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The
list archives are at http://lists.ebxml.org/archives/ebxml-dev/
To subscribe or unsubscribe from this list use the subscription manager: 
