Sheila H. Schweitzer
Chairperson & CEO
CareMedic Systems, Inc.

Updating HIPAA Standards
The Vendor Perspective

of the

Association For Electronic Health Care Transactions (AFEHCT)

As presented by

John Hawkins

To the

National Committee on Vital and Health Statistics
Subcommittee on Standards and Security

December 8, 2005

Mr. Co-chairmen, members of the subcommittee, and staff, good morning I am happy to be here to discuss issues pertinent to “Updating HIPAA Standards”.

I am John Hawkins, I have been in the healthcare industry in both the provider and vendor arenas for over 30 years and am currently a Product Manger at QuadraMed with responsibilities for our implementation of HIPAA, including the X12 transactions, the code sets, identifiers, security and privacy. QuadraMed is a company located in Reston, Virginia that provides information technology, systems and services to the healthcare industry with Hospital Information and Health Information Management systems.

Today I am representing the Association For Electronic Health Care Transactions (AFEHCT). AFEHCT is a health care IT vendor industry action group with a focus on federal public policy as it relates to the application of EDI, e-commerce, the Internet and health care IT software to the solution of problems associated with the delivery, financing and administration of health care in both the public and private sectors.

AFEHCT serves:

Billing Services
Practice Management System Vendors
Patient Accounting / Revenue Cycle Systems
Hospital Information System
Electronic Medical record Systems
Vendors that Assist State Medicaid programs
Vendors of translator, mapper, integration brokers.

Representing vendors today, I want to speak on how changes to the existing methods used to implement new versions of the transactions and code sets can be made to allow the process to be more responsive to the industry as HIPAA continues to evolve as a major part of everyday operations in healthcare organizations.

As the transaction and codes set implementations have occurred it has become evident that when put to the test of day-to-day operations some deficiencies exist. As an industry those deficiencies are addressed through the appropriate Standards Development Organizations (SDO). The issue now is the length of time it is taking to get those changes adopted for implementation by the industry, specifically migrating to a newer version of the HIPAA standards. Version 4050 was completed more than a year ago, and version 5010 of the X12 transaction standards should be ready for adoption by DHHS by late third quarter 2006.


Today the Designated Standards Maintenance Organization (DSMO) reviews the requests for changes to the standards, which are then forwarded to NCVHS for consideration. Then NCVHS holds hearings, like today’s, and would presumably submit a letter of recommendation to the Department of Health and Human Services (DHHS) to adopt the newer version of the standard(s). DHHS commences the Federal Rulemaking process, which includes a Notice of Proposed Rule Making (NPRM) step, followed by industry comments and responses by DHHS, and finally the issuance of a Final Rule that would also indicate the compliance date. It is this process that has led to today’s situation where the SDOs have made changes to the standards to meet new industry needs, but adoption of these newer versions has not occurred. It is the Federal process and specifically the NPRM process that AFEHCT wishes to comment on.


AFEHCT’s position is that the SDOs and their processes represent a responsive means to assess change requests, provide industry comment opportunities and formulate timely decisions on providing solutions that support the continued evolution of HIPAA. AFEHCT proposes the SDO’s standards development process, which includes a public comment period and SDO responses to those comments should be adequate to meet the Federal Requirements as outlined in the Federal HIPAA law to bring forward modifications to standards that have already been adopted by HIPAA without requiring an additional public comment period by way of the NPRM. The DHHS should issue a final rule change to the adopted HIPAA standards that would change the reference to Implementation Specifications (Implementation Guides) to be those that represent the newer version of the standard that were recommended for adoption by the SDO and the DSMO. The SDOs process is open to the public during development and comment periods for all proposed changes. AFEHCT also proposes that notices be placed in the Federal Register announcing when an SDO is conducting a public comment period, so that notification is consistent with other changes to HIPAA and made available to the same audience who currently monitor the Federal Register for such announcements regarding regulatory changes. Making this change will expedite the implementation of modifications already agreed upon by the SDOs. It will also eliminate the redundant comment periods, one by the SDO and one as a result of the NPRM. For efficiency sake having a single comment period will speed up the process.

Another effect of this change is the industry will be able to determine the impact of making changes and establish an industry driven consensus through the DSMO for the frequency of change. It is important to vendors that changes be manageable and predictable. Having smaller and more frequent updates will make it easier for us to provide to our customers those changes in regular software releases. This will also serve to improve the adoption rate of these changes within the industry. It seems likely that the industry could accommodate changes on a 2 to 3 year cycle. Having some predictability would also allow us as vendors to better plan for the efforts it takes to maintain compliance with HIPAA.

AFEHCT’s position is HIPAA has established the transaction and code sets, such as the 270/271 and 837 and that the industry through the SDOs should determine the versioning of those transactions and the migration timelines moving forward. AFEHCT also believes that while certain levels of backward compatibility are necessary at the core of the transaction set structures, that migration to future transaction set versions should occur at the version level and that software should help with staggered adoption timelines of new versions.

In summary, AFEHCT has several recommendations:

  • Eliminate the NPRM process for changing versions of the transaction sets
  • Move the authority to make changes to the existing HIPAA standards to the SDOs.
  • Have DHHS post notices in the Federal Register indicating when an SDO is scheduling a public comment period for a previously adopted standard under HIPAA.
  • Streamline the comment process by allowing the use of the public comment period and responses already in place at the SDOs to meet HIPAA requirements.

By allowing the SDOs the ability to react to changes in a timely way and to implement improvements in the transactions sooner, the realization of the vision of HIPAA for true administrative simplification through automation supported by standardization will occur more quickly.

Thank you for the opportunity to speak with you today on behalf of AFEHCT and the vendor community.

Contact information:

John Hawkins
Phone: 703 709-2317