Tuesday, August 10, 2010

Scare Tactics

Scare tactics are dangerous, but they can also be a useful way to encourage people to pay attention.  I know I've used them to get people to pay attention to standards, but it is also a good idea to ensure that you have the information to back up your claims [pun intended].

Recently I ran into a blog post and white paper on HIPAA and use of HL7 standards that looked just a bit dubious.  On further review, the content in the whitepaper describes the thinking about the claims attachments rule more than 10 years ago.  On further investigation, it reproduces that same content from an 8-year-old paper from the same author, and so I can CONFIRM this information to be very much out of date.  If you think you need HL7 for HIPAA today, ask for a reference to the regulation requiring it (and send me a copy).  I would like to say otherwise, but at present, I haven't seen any proposed or current regulation that requires the use of the HL7 Version 2 or CDA standard for claims related transactions.  If I'm wrong (and I'd love to be), I'll publicly apologize.

The blog post presents a claim that "hidden in the details" of HIPAA is a requirement to use HL7 standards.  You won't find that requirement in any HIPAA related legislation, you'd have to read the actual regulations.    Recently I listed out a collection of regulations and laws that I keep up with (see What is the Gunge in my Head [pdf]).  

Only one piece of the HIPAA related regulation requires the use of HL7 standard for claims transactions, and that is the Claims Attachments Notice of Proposed Rulemaking (pdf).  While that NPRM requires use of an HL7 standard, that is a notice of a PROPOSED rule, not a final rule.  Furthermore, if you look at the dates, and have been following the Claims Attachment regulation, you'll see that there has been no further action towards this rulemaking. 

The Clinical Operations workgroup of the HIT Standards Federal Advisory Committee have been reviewing the case for Claim Attachments as well.  Under ARRA/HITECH, HHS is REQUIRED again, to create regulation for Claims attachments.  Hopefully, they will be successful this time, because twelve years after the fact, they still haven't created the required regulations under HIPAA.  Currently, it appears that an approach similar to that promoted by HITSP for the Consults and Transfers of Care Use case, and subsequently the Clinical Notes and Documents Extension.   This is described to some degree in HITSP Capability 119: Communicate Structured Document (pdf), and makes use of HITSP C83 CDA Content Modules specification.

I expect that the general claims of the blog post are correct, you will likely need to use HL7 standards for claims transactions, but I think the details are wrong.  Here are my PREDICTIONS*:
  1. You will likely need to use HL7 CDA Standard for attachments, using CCD templates where applicable, and other HL7, IHE, HITSP or other SDO developed templates where CCD does not provide a template.
  2. The regulation is likely a couple of years away with regard to implementation deadlines, not something immediately needed, but probably right around the corner. 
  3. The Secretary of HHS will hoefully take into account the 5010 and ICD-10 regulation currently in final rule form into account when setting deadlines for attachments.
Finally, in any product claim, be wary of anything claiming or asserting compliance to HIPAA or any other regulation.  While conformance to standards selected by regulation is a product requirement, compliance to regulation like HIPAA is an organizational responsibility.  The difference may seem subtle, but it is as important as the distinction between certification of product, and the meaningful use of HIT.


* My predictions are just that, predictions.  There is no certainty behind them, and you take responsibility for your own use of them.

P.S.  If you change HIPAA to ARRA or HITECH, and payment to meaningful use incentive, the post and white paper would much closer to being accurate.  Just because HL7 isn't yet required for payment transactions, doesn't mean you shouldn't be paying attention.


  1. Thank you for bringing this to our attention. As you mentioned, the content of the referenced white paper is over eight years old, and with the inception of ARRA, HITECH & Meaningful Use, is outdated. We have removed the white paper to prevent any future misunderstanding. It is worth noting that the white paper was based on an article published by the same author eight years ago. The article content has been republished by various sites, including www.allbusiness.com and other directories that are well beyond our control. Thank you for this post, your blog and participation in the healthcare standards community. We share your passion for productive discussions on standards and are thankful for blogs like this one to help build insight and enthusiasm for the ever evolving world of healthcare IT.

  2. Thanks, I appreciate it, and the speediness of your response. It's important that we, as leaders of the HIT community, provide accurate information.