OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
RE: SV: [Fwd: Re: [xml-dev] Edi complexity, does ebxml really reduce it?]

Whoa, Monica! Back off a bit!. Please note that my comments are specific
to
the Health Insurance Portability & Accountability Act and its enabling
regulations. HIPAA specifically addresses standards for health care claims
and other financial transactions. I have applauded the CDC's and HL7's
support, endorsement and adoption of the ebMS - and have also been a vocal
supporter of ebXML in all of the health care venues in which I
participate.
Furthermore, it is my hope that CDC and HL7 may lead the way to DHHS/CMS
to
relaxing its current position re the use of the Internet. As per the
extract
from this PM:

==============
Program Memorandum Department of Health &
Human Services (DHHS) Intermediaries/Carriers Centers for Medicare &
Medicaid Services (CMS)
Transmittal AB-02-145
Date: OCTOBER 25, 2002
CHANGE REQUEST 2264
SUBJECT: Electronic Patient Records Via Non-Internet Means
Recently, a number of contractors have asked whether it would be a
violation
of CMS security
policy to allow a provider to send electronic patient records to the
contractor via non-Internet means.
Electronic patient records are patient medical diagnosis and treatment
documentation in any
combination of text, graphics, data, audio, pictorial, or other
information
representation in digital
form that is created, modified, archived, retrieved, or distributed by a
computer system. The purpose
of this Program Memorandum (PM) is to clarify the CMS policy with respect
to
the authority the
contractor has to accept electronic patient records from providers via
non-Internet
telecommunication networks.

Section 5 of the Business Partners Systems Security Manual
(www.cms.hhs.gov/manuals/
117_systems_security/BP_Sys_Security_man.asp) states that Health care
transactions (such as
claims, remittances, medical records, etc.) "are prohibited between
Medicare
carriers/intermediaries
and providers over the Internet. This Internet prohibition also applies to
using the Internet to
transport CMS Privacy Act-protected data between carriers/intermediaries
and
any other party. (See
http://www.hcfa.gov/security/isecplcy.htm for a definition of protected
data.). [emphasis added]"
The Manual is silent on the transmission of electronic patient records
over
non-Internet networks
(e.g., dial up telephone lines, leased telephone lines, private networks).
================


Notwithstanding the CDC and HL7 efforts, CMS (The Centers for Medicare and
Medicaid Services), within the U.S. Department of Health & Human Services,
continues to steadfastly prohibit the use of the Internet for the
transmission of Medicare patient data, and this prohibition is
forestalling
the effective use of Internet web-based solutions for the electronic
exchange of health care claim attachments, among others.

Neither the CDC nor HL7 are subject to the HIPAA legislation and its
enabling regulations.

And lastly, even though ebMS addresses the issue of security, etc., it
does
not ipso facto mean that there are now affordable, easy-to-use,
interoperable encryption solutions that can be used by the vast majority
of
small health care providers, health plans, billing services, and the
myriad
small businesses providing services to health care. Actually, as a result
of
HIPAA's privacy and security regulations many health care provider
organizations now have prohibited the use of email until such time as such
easy, affordable and interoperable solutions are available. Additionally,
many small health care providers won't even allow Internet access to their
office staff. The health care industry has miles to go before it will be
ubiquitously leveraging the Internet and portions of the ebXML framework.

Rachel


-----Original Message-----
From: Monica J. Martin [mailto:Monica.Martin@Sun.COM] 
Sent: Tuesday, July 13, 2004 1:00 PM
To: rachel@rfa-edi.com
Cc: ebxml-dev@lists.ebxml.org
Subject: Re: SV: [Fwd: Re: [xml-dev] Edi complexity, does ebxml really
reduce it?]


>Foerster: The second major hurdle is the HIPAA Security Regulation 
>which requires that HIPAA covered entities must **address** the use of 
>encryption when using insecure networks to transmit electronic 
>protected health information (ePHI). Given that more than 80% of health
care organizations in the U.S.
>can be classified as small businesses, they are totally reliant on 
>their application systems and other vendors to provide the enabling 
>technologies at an affordable cost. Without a **standard** 
>interoperable encryption solution that can be used by the hundreds of 
>thousands of small healthcare providers as easily as they use a fax 
>today with diverse and disparate systems, exploiting the Internet and 
>ebXML will remain a dream and a vision (although one that I've been 
>dreaming of for years!!!)
>  
>
mm1: Then answer why a major health related exchange has implemented the
use
of ebMS and encryption, the Center of Disease Control and why HL7 is
recommending use of ebMS? Reference for both at: www.ebxmlforum.org/
(latter)
andhttp://www.ebxml.org/case_studies/documents/casestudy_cdc_phinms.pdf
(former). Making generalized statements can only cause confusion. Thanks.


The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The
list archives are at http://lists.ebxml.org/archives/ebxml-dev/
To subscribe or unsubscribe from this list use the subscription manager: 
<http://www.oasis-open.org/mlmanage/>




The ebxml-dev list is sponsored by OASIS <http://www.oasis-open.org> The
list archives are at http://lists.ebxml.org/archives/ebxml-dev/
To subscribe or unsubscribe from this list use the subscription manager: 
<http://www.oasis-open.org/mlmanage/>

<<attachment: winmail.dat>>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]