AN AUTOMATED MODEL-BASED TEST TRANSACTION GENERATOR FOR HIPAA COMPLIANCE



Similar documents
Understanding the HIPAA standard transactions: The HIPAA Transactions and Code Set rule

Geisinger Health Plan

HIPAA Administrative Simplification and Privacy (AS&P) Frequently Asked Questions

Practice management system criteria checklist

HIPAA Transactions and Code Set Standards As of January Frequently Asked Questions

Imagine that your practice could submit

Health Insurance Portability and Accountability Act December 2002 No. 7 PHC 1920

Phase IV CAQH CORE 456 Payroll Deducted and Other Group Premium Payment for Insurance Products (820) Infrastructure Rule v4.0.0

HIPAA Certification Requirements and E-Commerce Requirements

How Hospitals Can Use Claims Data to Produce Innovative Analytics

DY574_261023_br. OMPP MMIS HIPAA 5010 /Edifecs Project. Overview

HIPAA: AN OVERVIEW September 2013

The benefits of electronic claims submission improve practice efficiencies

HIPAA 5010 It is important to prepare now Deanna Stohl ETP Contracting and Relations e-business Interchange Group Blue Cross Blue Shield Michigan

I ve got good news for you if you ve been

system. medical practices and healthcare vendors. Although they are designated as HIPAA EDI-specific standards, HIPAA

Sanford Health Plan. Electronic Remittance Advice 835 Transaction Companion Guide Trading Partner Information

Blue Cross and Blue Shield of Texas (BCBSTX)

Real Time Adjudication Business Process Model

Testimony of the American Dental Association. National Committee on Vital and Health Statistics. Subcommittee on Standards and Security.

Appendix E: EDI Glossary

Claim Status Request and Response Transaction Companion Guide

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

Key Highlights of the Final Rule

3 Learning Objectives (cont d.)

Alert. Client PROSKAUER ROSE LLP. HIPAA Compliance Update: Employers, As Group Health Plan Sponsors, Will Be Affected By HIPAA Privacy Requirements

Chapter 4: Electronic Data Interchange

HIPAA Certification: HIPAA X12 transaction testing and certification

HEALTH CARE CLAIM STATUS REQUEST AND RESPONSE

HIPAA Glossary of Terms

EDI VERSION The Tsunami Has Arrived PUBLISHED FEBRUARY Written by M.W. Cobban Director Operations and Support

June 25 th, :00 3:00pm ET

Open Line Friday: ICD-10 Edition Provider Teleconference Series Program Panelists

FMH Benefit Services, Inc.

HP SYSTEMS UNIT. Companion Guide: Electronic Data Interchange Reports and Acknowledgements

EDI Acknowledgement Transactions 1.1 Strategy for Oregon Trading Partners

SECTION 3: TMHP ELECTRONIC DATA INTERCHANGE (EDI) TEXAS MEDICAID PROVIDER PROCEDURES MANUAL: VOL. 1

Managed Care Trading Partner Testing Packet. Managed Care Trading Partners

ICD-10 Compliance Date. Frequently Asked Questions. ICD-10 Implementation Frequently Asked Questions Updated September 2014

Paper vs. Electronic Records White Paper

Purpose What is EDI X EDI X12 standards and releases Trading Partner Requirements EDI X12 Dissected... 3

Increasing efficiency and customer satisfaction, while decreasing lapse rates

INTERMEDIATE ADMINISTRATIVE SIMPLIFICATION CENTERS FOR MEDICARE & MEDICAID SERVICES. Online Guide to: ADMINISTRATIVE SIMPLIFICATION

EDI Solutions Your guide to getting started -- and ensuring smooth transactions bcbsga.com/edi

Maximizing Healthcare Payment Automation

ELECTRONIC DATA INTERCHANGE

AmeriHealth Administrators

ICD-10 Frequently Asked Questions

EDI Solutions Your guide to getting started -- and ensuring smooth transactions empireblue.com/edi

What it Means for You and Your Organization

Healthcare Data Interoperability: What s Required to Establish Meaningful Use

EDI Overview 3. EDIConnect Benefits 3. EDIConnect - A Complete Solution 4. Key Technologies 5. Translator 5. Transaction Builder 7

Health Insurance Portability and Accountability Act HIPAA. Glossary of Common Terms

THE IMPORTANCE OF ENCRYPTION IN THE HEALTHCARE INDUSTRY

Your Choice. Page 1 of 10 Release 4 (May 2015) WEB-BSC

HIPAA Compliance. Saeed Rajput

Electronic funds transfer. A toolkit for navigating the ins and outs of EFT

Case Study. ConnectiCare. ConnectiCare. Insurer Meets HIPAA 5010 Mandate; Cuts EDI Processing Time

How To Write A Core Rule

HIPAA Frequently Asked Questions Free & Charitable Clinic HIPAA Toolbox May 2014

ICD-10 Overview. The U.S. Department of Health and Human Services implementation deadline for compliance with ICD-10, Mandate is October 1, 2014.

New HIPAA Certification Requirement & Other New Health Plan To Do Tasks under HIPAA Standard Transaction Rules

Test Data Management Concepts

THE IMPORTANCE OF ENCRYPTION IN THE HEALTHCARE INDUSTRY

Chapter. 21TMHP Electronic Data Interchange (EDI)

State of Nevada Department of Health and Human Services (DHHS) Division of Health Care Financing and Policy (DHCFP)

1. Introduction Overview: Key Terms Overview: What is HIPAA? Title I Title II Review of Technology

FAQ ICD 10. Categories: Compliance Billing General Claims Testing COMPLIANCE: Q. When is the ICD 10 compliance deadline? A.

General HIPAA Implementation FAQ

Oregon Workers Compensation Division Electronic Billing and Payment Companion Guide. Release 1.0 January 1, 2015

How To Manage Content Management With A Single System

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

How to select a practice management system

EFT and ERA Enrollment Process White Paper

This document has been provided as a courtesy to anyone who wants to learn more about EDI and how it applies to their TrueCommerce solution.

Federal Operating Rules for Healthcare Administrative Simplification

24/7 Uptime for Electronic Health Records: Microsoft Windows-based EHRs and Stratus Medical Grade Servers. Healthcare

on the status of a claim previously submitted to CMS for processing. A code that identifies the category a claim falls within.

Home Health Agency Providers Participating in MassHealth

Early Intervention Louisiana Early Steps Louisiana Early Steps HIPAA Testing Plan

EHR: The Prescription for the Health Records Problem

HIPAA EDI Companion Guide For 270/271 Eligibility Inquiry & Response Companion Guide Version: 3.0

Emdeon Clearinghouse ICD-10 Frequently Asked Questions

Integrating Payables and Receivables to Unlock Working Capital

Accelerating HIPAA Compliance with EMC Healthcare Solutions

Blue Cross Blue Shield of Michigan

Testing and Certification

How To Use Isalus Officeemr

EHR Glossary of Terms

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA. Transactions and Code Sets Toolkit. Health Insurance Portability and Accountability Act

Appendix D Fundamentals of the

15 questions to ask before signing an electronic medical record or electronic health record agreement

California Division of Workers Compensation Electronic Medical Billing and Payment Companion Guide

First Report of Injury Accredited Standards Committee X12 Insurance Subcommittee,

Call Recording for Healthcare

Phase IV CAQH CORE 450 Health Care Claim (837) Infrastructure Rule version Draft for Rules Work Group Ballot March 2015

Legislative & Regulatory Information

HIPAA The Law Explained. Click here to view the HIPAA information.

Effectively Managing EHR Projects: Guidelines for Successful Implementation

Transcription:

AN AUTOMATED MODEL-BASED TEST TRANSACTION GENERATOR FOR HIPAA COMPLIANCE Dr. Michel Mitri, James Madison University, mitrimx@jmu.edu Mr. Abdul Tannir, Syssolution, Inc., abie@tannir.us ABSTRACT The Health Insurance Portability and Accountability Act (HIPAA) requires health care providers and insurance companies to convert their electronic transaction processing to a common format using the X12 EDI standard. In many cases, this requires organizations to substantially change their EDI procedures. The IT staffs in these organizations are under pressure to quickly develop and test software for the purpose of complying with the new standards. Often they are illprepared for such transformations due to lack of knowledge of HIPAA and EDI standards, entrenched information infrastructures, difficulty of converting from their proprietary representations, and time constraints. In particular, HIPAA-compliant test transactions are difficult to generate from production data since the production data is generally in the old, proprietary format. This paper presents a prototype software tool for automatic generation of compliant test transactions. Keywords: HIPAA, EDI, test generation software, ASC X12 standard, Microsoft Access, business models. INTRODUCTION EDI (Electronic Data Interchange) is an application-to-application exchange of standard business documents in a standardized electronic data format between two trading partners. An essential component of EDI is the exchange of information between computers without human intervention, assuming that both organizational entities are using a computer-based application to exchange data [1]. There are a variety of EDI standards, some proprietary and some open. The most common open standard in the United States is X12, developed by the Accredited Standards Committee (ASC) under the auspices of the American National Standards Institute (ANSI). Early EDI standardization efforts in the health insurance industry centered on the Uniform Billing (UB) format, developed by the Uniform Billing Committee of health care providers and payers. UB is a ubiquitous format, used by most health insurers throughout the 1990s and into the 21st century. Unfortunately, UB suffers from some major flaws. For example, it is not really a standard. It is instead a sort of quasi-standard that is adopted and then tweaked and refined by different companies, which in effect leads right back to the problems inherent in utilizing a multitude of proprietary standards. In addition, its flat-file structure makes it relatively inflexible. Because of these and other weaknesses, there have been efforts by health-care standards bodies to adopt a true (and flexible) standard. Volume V, No 2, 2004 619 Issues in Information Systems

Specifically, the U.S. government stepped in during the 1990s in order to attempt to enforce true industry-wide EDI standards for the health insurance industry. In 1991, the Bush administration called health care industry leaders together to discuss health care administrative cost reduction ideas. Leaders recommended increased EDI use within industry, and thus was formed the Workgroup for EDI (WEDI). Throughout the early 1990s, WEDI and the Association for Electronic Health Care Transactions (AFEHCT) worked on developing X12-based transactions for health care. By the mid-1990s, the Clinton administration s push toward health care reform had generated the Health Insurance Portability and Accountability Act (HIPAA), which was signed into law on August 21, 1996 [3, 4]. A major component on this act is the requirement that all electronically transmitted health care transactions be submitted using X12-based standards, particularly those created by WEDI. Thus, it is now a law that health insurers use these standards [2]. HIPAA mandated X12 formats for several common health insurance transaction types. Each type is identified by a number. The transactions include: 270/271 Health Care Eligibility/Benefit Inquiry and Response 275/277 Health Care Claim Additional Information Request and Response 276/277 Health Care Claims Status Request and Response 278 Referral Certification and Authorization 820 Payroll Deduction and Group Premium Payment 834 Health Care Plan Enrollment/Disenrollment 835 Receipt of Health Care Remittance 837 Institutional, Professional, and Dental Claims and Coordination of Benefits [5] This is no simple task. Health insurers and providers have struggled to meet the October 2003 deadline; indeed, to date many have still not succeeded in migrating to this standard. As can be expected, the cost of conversion is quite high. Although the promised long-term savings are significant, it is a major technological feat to change large-scale systems to use this new standard. Therefore, insurers and providers seek tools that can assist in the conversion effort. A major task in the conversion effort is to generate reasonable test data for software developers who are migrating from their legacy systems (usually based on UB formats) to X12-based transaction formats. This paper describes a typical problem faced by a major U.S. health insurance company, and presents a software product, called Edifice, that automatically generates X12-based transactions for software testing purposes. THE UNDERLYING BUSINESS PROBLEM AND PROPOSED SOLUTION The Edifice software, described below, was developed to meet a number of challenges, which are described in this section. First, the enterprise applications used in this health insurance company are old and complex. The HIPAA solution must be designed in such a way to deal with incoming and outgoing data without affecting the core applications. Therefore, the implementation of HIPAA is more than just a system upgrade. Security, privacy, and other HIPAA regulations force the enterprise to adapt a whole new way of doing business. This later became know as New Business Implementation (NBI) throughout the organization. In order to Volume V, No 2, 2004 620 Issues in Information Systems

meet this challenge, a new system was being considered for purchase, but that system could show no evidence of being able to support the types and volume of business that is supported by the enterprise. To complicate matters, testing in general, has not been one of the enterprise's strong points. The current test environment could not be adopted for the HIPAA conversion large scale project without involving almost all system and application developers in the testing process. Some solution was necessary to create a 'final' user acceptance environment that can be operated with few people and relatively low cost while meeting the project schedule and milestones. The cost of the project was expected to be in the hundreds of millions of dollars. The solution to this problem required an infrastructure that would address all the problems described above. Since the HIPAA implementation would impact every enterprise application, as well as applications hosted by business partners outside the physical boundaries of the enterprise, it was necessary to establish a testing platform that represents all major application within the enterprise and the major applications at the business partners' sites. This included all the mainframe, web, client/server, and desktop application platforms. Because of the complexity of the systems, the complexity of running transaction through all affected applications, and the time it would take to restore the entire environment when backout was necessary for regression testing, new technology was introduced to facilitate and expedite this process. As one component of this solution, a new kind of hardware was purchased to allow instant capture and restoration of the entire data environment, including the major DB2, IMS, Oracle, and Sybase databases. To keep the test execution production-like, all testing was done using automated test tools similar to those used for production. One important piece of this automated test environment is the Edifice software. Because the business partners were in the process of revamping their systems to support HIPAA, it wasn't feasible to depend or wait on them to provide test transactions at the time that the enterprise applications were being revamped and tested. A decision was made to create and fictitious test transactions, and wait for partners' readiness for joint testing for purpose of certifying partners' format and content of transactions. The business sector of the enterprise was not familiar with HIPAA formats or able to produce the volume of test transactions that can be used to secure the Business acceptance of the new systems. Few transactions were built by the developers, and the Business agreed to use those transactions to clone others with different members, providers, billers, and services. Edifice was designed to be a tool to allow the business to apply basically correct transactions against the groups and providers that are mission-critical. The health insurer knew the members/groups and the billers and providers that should be tested, and Edifice was to use a set of model transactions and a long list of members, providers, and clinical procedure codes to produce thousands of transactions that span all the conditions and lines of business. The next section describes the Edifice software. Volume V, No 2, 2004 621 Issues in Information Systems

A DESCRIPTION OF THE EDIFICE SOFTWARE Edifice was constructed using Microsoft Access and Visual Basic for Applications (VBA). The database table structure was constructed to (a) mirror the structure of typical X12 interface layouts, (b) provide a mechanism for business model to HIPAA transaction mapping, and (c) support a user interface for simple application of business models to HIPAA transactions. Figure 1 shows an entity-relationship diagram of the X12 structure. This corresponds with the typical structure of an X12 transaction format. Each transaction consists of a set of segments, and a particular type of segment can be associated with one or more transaction; thus you see a many-to-many relationship between transactions and segments implemented by the TransactionSegment intersection table which includes, along with foreign keys binding the transactions and segments, additional data describing the role a segment plays with a transaction. Similarly, there is a many-to-many relationship between segments and data elements, implemented by the SegmentElements intersection table which defines the role played by a data element in a segment. Finally, because some data elements are composed of, or contained within, others, we see a recursive many-to-many relationship among data elements, similar to a typical bill-of-materials format. Figure 1: An ER-diagram of X12 EDI structure A key problem faced by health providers and insurers is to map the data structures and business processes internal to their organizations into the X12 format; this is a highly difficult challenge, and requires expertise in both the company s data model and EDI formats. Thus, model mapping is a key feature of the Edifice software. Business models for this health insurance company include the following: members (and patients), health providers (physicians or hospitals), claims, inpatient and outpatient services, and service lines. Each model may be associated with one or more loop (repeatable set of segments) in one or more transaction. In addition, some models may be composed of or reference other models, forming composite models. The data structures for implementing this model mapping capability are implemented in the tables shown in figure 2. Volume V, No 2, 2004 622 Issues in Information Systems

Figure 2: An ER-diagram of business model to EDI mapping Figure 3: The main user input form for Edifice Volume V, No 2, 2004 623 Issues in Information Systems

Figure 3 shows the main user interface form for Edifice. This form allows a user to generate a test HIPAA transaction of any type by entering data into data elements. More importantly, using this form, one can apply any combination of business models (members, patients, providers, claims, services, and service lines) to create fictional transactions that (a) satisfy the test conditions that software developers need in order to validate their program algorithms, (b) make use of actual production data and therefore obtain maximally realistic scenarios, and (c) ensure patient privacy by separating claims, services, members and providers into disjoint units. In other words, although actual production data is used, the transactions that are created are completely fictional. Nevertheless, these transactions accurately reflect the types of business processes typically (and even atypically) performed by the insurer. In addition to the online form, Edifice includes a number of batch operations, which assist in generating high-volume EDI data based on randomly combining business models, creation of business models from pre-existing X12 transactions, and conversion of UB92 (uniform-billing code) transactions into HIPAA-compliant transactions. CONCLUSION: EXPERIENCES USING EDIFICE AND FUTURE DIRECTIONS During the HIPAA conversion process, Edifice was used as a pilot tool, but was never made completely operational. It demonstrated potential in its ability to apply models (providers, services, billers, members) to X12 transactions, particularly the HIPAA 837 claim transaction. However, Edifice suffered from some technical limitations. For example, it was unable to support multiple transactions, or deal with transactions where data segments wrapped across multiple lines. In addition, the business climate in which various groups were working independently of each other was an obstacle for widespread use of Edifice. It turned out that Edifice efforts were not in sync with other test processes. What had begun as an effort to create individual test transactions on a case by case basis (the underlying assumption behind Edifice s design) had mutated into the need for an enterprise-wide test bed dealing with interoperability issues and system-wide performance assurance. Edifice was unable to adapt to these needs in the limited time required to meet the HIPAA compliance deadline. Nevertheless, various features of Edifice were served useful purposes during the compliance effort. For example, Edifice was used extensively for printing and displaying transactions in a format that individuals in the organization could use despite their ignorance of EDI formats. Furthermore, it proved useful as a quick tool for compliance testing, ensuring that transactions was X12 compliant. In many cases, UB92 transactions were processed through a home-grown translator to generate X12 transactions, and then Edifice applied business models to these transactions in order to create fictional transactions for testing, which is in fact the original intent of the Edifice software efforts. Perhaps the most important contribution of Edifice for the health insurer is in its promise for future projects. Now that HIPAA compliance has been met, the next big project is to implement transactions that do not depend on social security numbers for patient and subscriber Volume V, No 2, 2004 624 Issues in Information Systems

identification; Edifice can be used to modify existing 837 transactions so that they use contract numbers that are not SSNs. In general, Edifice promises to become part of an enterprise-wide testing lab that supports a wide variety of test cases for all applications supporting the insurer s business processes. This testing lab is currently under development, and Edifice will be enhanced to apply multivariate test conditions for the generation of multiple combinations of test transactions for complex application scenarios. REFERENCES 1. Electronic Data Interchange: An Overview of EDI Standards for Libraries (1993) UDT Series on Data Communication Technologies and Standards for Libraries, Paula Tallim and Johan C. Zeeman, 1993: URL=http://www.ifla.org/VI/5/reports/rep4/rep4.htm. 2. Health Insurance Reforms: Standards for Electronic Transactions; Announcement of Designated Standard Maintenance Organizations; Final Rules and Notice. Federal Register.Vol. 65 No. 160 Aug 17, 2000 3. Fitzmaurice, J. M. (1998) A New Twist in U.S. Health Care Data Standards Development: Adoption of Electronic Health Care Transaction Standards for Administrative Simplification. International Journal of Medical Informatics. Vol 48. 19-28. 4. Mitri, M. and Choi, Y.B. (2004) Toward A Unified EDI Transaction For Electronic Health Insurance Claim Processing. Proceedings of the 34 th Annual Meeting of the Southeast Decision Sciences Institute. Feb 25-27, 2004. Charleston, SC. 5. ASC X12 Insurance Subcommittee. (2000) 837 Institutional Health Care Claim Implementation Guidelines. Washington Publishing Company. Volume V, No 2, 2004 625 Issues in Information Systems

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information