ELECTRONIC HEALTHCARE NETWORK ACCREDITATION COMMISSION (EHNAC)
ELECTRONIC TRANSACTIONS
CRITERIA
For The
HEALTHCARE INDUSTRY
13th Version
November 19, 1996
Lee Barrett, Executive Director
c/o C. W. Costello &
Associates, Inc.
100 Roscommon Drive, Suite 120
Middletown, CT 06457
Phone (860) 632-7683 Fax (860) 632-7325
For additional information see the EHNAC Web Site
http://www.EHNAC.org/
Copyright 1996. Electronic Healthcare Network Accreditation Commission (EHNAC). Federal copyright law prohibits unauthorized reproduction by any means and imposes fines up to $25,000 for violations.
Prefatory Note: Some of the Criteria may not apply, or may apply in different ways, to some applicants. A special Value Added Network (VAN) Criteria Supplement has been is included at the back of this document. Others may be developed as additional kinds of companies seek accreditation.
Accredited companies must have appropriate administrative, technical and physical safeguards to ensure the integrity and confidentiality of protected healthcare information. These safeguards must protect against any anticipated threats or hazards to the security or integrity of such information.
I.A. MEASURES TO ENSURE DATA SECURITY
Accredited Companies
IA. 1.a SHALL have policies to protect against disclosure of personally identifiable healthcare data.
I.A. 2.a SHALL maintain all necessary resources to ensure continuing compliance with data security policies, including secure methods of access to and transmission of data.
I.A. 3.a. SHALL provide educational resources to ensure employee training sufficient to maintain compliance.
I.A. 4.a SHALL use protected healthcare information about individuals only as is necessary for the processing of appropriate electronic transmissions.
I.A. 5.a SHALL refrain from selling or otherwise using personally identifiable data in such a way as to violate privacy or confidentiality as defined by government standards.
I.A. 6.a SHALL have plans for utilizing or supporting encryption as a security measure in compliance with any legislation requiring it.
Accredited companies must provide their customers the capability to send and receive data transmissions electronically in appropriate formats while assuring security, privacy, and confidentiality, timeliness, and accuracy (including effective safeguards and recovery procedures against viruses, transmission interruptions, data handling errors and other internally and/or externally caused problems). This capability must include compliance with generally accepted industry standards formats such as UB92, NSF and Accredited Standards Committee X12 and any other government- mandated standards. "Electronic Data Interchange" or "EDI" means the computer application-to-application exchange of business data in a standard format using a telecommunications network.
II.A. TRANSMISSION OF DATA
II.A. 1.a SHALL be able to receive and submit 80% of all eligible transactions electronically to all trading partners or payers who accept transactions electronically.
II.A. 1.b Should have a formal plan and timetable to further maximize eligible transactions electronically to 85% or more to all trading partners or payers who accept electronic transactions.
II.A. 2.a SHALL make available for transmission reports/data received from trading partners to customers within 24 hours of receipt.
II.A. 2.b Should make available for transmission reports/data within 12 hours of receipt.
II.A. 3.a SHALL be able to receive and submit government transactions (e.g., Medicare, etc.) at published government standards.
II.A. 4.a SHALL be able to meet current government requirements within a reasonable time frame.
II.B. CUSTOMER SERVICE INQUIRIES
II.B. 1.a SHALL have standard response times appropriate to different levels of requests.
II.B. 2.a SHALL have an acknowledgment system and a customer tracking system.
II.B. 3.a SHALL be able to acknowledge customer service inquiries within one business day.
II.B. 3.b Should be able to acknowledge inquiries within three hours.
II.B. 4.a SHALL respond with a plan of action to customer service inquiries within one business day.
II.B. 5.a SHALL have escalation procedures to follow the inquiry to completion.
II.C. TIMELINESS
Accredited Companies
II.C. 1.a SHALL submit 90% of all batch transactions within one business day or the next applicable window of opportunity.
II.C. 2.a SHALL process 90% of on-line transactions on an average of no longer than 20 seconds from the time the host recognizes the request until response is initiated
II.C. 2.b Should process 95% of on-line transaction within an average of 10 seconds from the time the host recognizes the request until response is initiated.
II.D. ACCURACY
Accredited Companies
II.D. 1.a SHALL have 90% of transactions accepted on first transmission to the trading partner.
II.D. 1.b Should have 95% of transactions accepted on the first transmission to the trading partner.
II.D. 2.a SHALL provide for the identification of errors and allow for correction by the trading partner prior to re-submission to clearinghouse or transmission to the payer.
II.E. SYSTEM AVAILABILITY
Accredited Companies
II.E 1.a SHALL have a minimum system availability that assures system access for 95% of contracted and/or advertised hours.
II.E 1.b Should have a minimum system availability that assures system access for 99.5% of contracted and/or advertised hours.
II.E. 2.a SHALL have a documented disaster recovery plan in place, including customer notification procedures.
II.E. 2.b Should periodically test the non-catastrophic portions of the disaster recovery plan.
II.F. COMPLIANCE WITH INDUSTRY STANDARDS
Accredited Companies
II.F. 1.a SHALL have the capability to handle generally accepted industry standards formats and approved Accredited Standards Committee X12 Draft Standard for Trial Use (ASC X12 DSTU) in a line of business as specified in the trading partner agreement and to meet any current applicable government standards.
II.F. 1.b Should have the capability to handle the latest released ASC X12 standards in a line of business in accordance with the published standard implementation guides
II.G. EDITING
Accredited Companies
II.G. 1.a SHALL provide payer-specific editing capabilities for 85% of trading partners who provide editing criteria with 95% accepted on first transmission.
II.H. CAPACITY MONITORING
Accredited Companies
II.H. 1.a SHALL have a capacity measuring and on-going monitoring capability.
II.H. 2.a. SHALL have a capacity plan for handling peak load and expansion including a guarantee of 95% availability without a busy signal on their in-bound transmission line.
II.J. AUDITING
Accredited Companies
II.J. 1.a SHALL provide a clear and accurate audit trail permitting monitoring of all data transactions.
II.J. 1.b Should maintain audit trail for two years.
II.K. STORAGE AND RETRIEVAL
Accredited Companies
II.K. 1.a SHALL have an off-site 90 day back-up archive, storage and retrieval capability.
II.K. 1.b Should have a seven-year back-up archive, storage and regeneration capability.
II.K. 2.a SHALL retain transaction and related transaction data on file for a minimum of 90 days.
II.K. 3.a SHALL have the ability to regenerate a transaction going back 90 days within 48 hours.
Accredited companies must have business practices that facilitate the maintenance of the technical performance Criteria and must exhibit truth-in-advertising - - i.e., the company must actually be doing what it says it will do for customers. To qualify in this Criteria area, accredited companies must: have procedures for measuring customer satisfaction; provide non-restricted systems of access; adequately provide for customer education and training; and have standard contract or service agreements.
III.A. TRUTH-IN-ADVERTISING
Accredited Companies
III.A. 1.a SHALL meet their own published Criteria and claimed capabilities.
III.A. 2.a SHALL have policies and procedures to assure that any re-marketing agreements do not endanger compliance with the accreditation Criteria.
III.B. ACCESS
Accredited Companies
III.B. 1.a SHALL provide other accredited VANs and Clearinghouses access to advertised services in conformance with applicable healthcare legislation.
III.B. 2.a SHALL comply with WEDI's recommendation that "all entities involved in the electronic transmission and processing of healthcare transactions (should) avoid activities that would prevent the lowest cost or best value-added approach of transmitting or processing healthcare transactions." (Specific activities are listed on pages 2-15 of the 1993 WEDI Report.)
III.C. SERVICE AGREEMENTS
Accredited Companies
III.C. 1.a SHALL have written service agreements with customers/ trading partners.
III.C. 2.a SHALL have written and appropriate contracts with re-marketing agents.
Accredited companies must possess the physical, human and administrative resources necessary to maintain a high level of technical performance and business practices. These resources must include: plant and equipment facilities adequate to conduct the company's current and anticipated business volume; qualified professional and staff personnel; and professional development programs to keep up with changes in the industry. While resource-related criteria are primarily expressed in terms of inputs, they are required because of their basic role as guarantors of effective outcome performance.
Since EHNAC plays the dual role of evaluator and of colleague-consultant, it may frequently be the case the recommendations for improvements in outcome performances will be based on analysis of resource sufficiency.
IV.A. PROTECTION OF DATA AND EQUIPMENT
IV.A. 1.a SHALL have physical security adequate to assure privacy and confidentiality of data and equipment.
IV.A. 2.a SHALL ensure that all data is password protected and that passwords are modified at periodic intervals; and/or when an individual having knowledge of the password changes positions or terminates employment, and/or when a security breach is suspected or identified.
IV.A. 2.b Should maintain a multi-level system/user authorization to limit access to system functions, databases, tables, and parameters from external and internal sources.
IV.A. 3.a SHALL provide mechanisms to detect unauthorized users and prohibit access to anyone who does not have an appropriate user ID and password.
IV.A. 3.b Should maintain a record of operator-attempted system access violations.
IV.A. 3.c Should maintain updates of user controlled files, databases, tables, parameters, and retain a history of update activity.
IV.B. PHYSICAL RESOURCES
Accredited Companies
IV.B. 1.a SHALL have physical resources (including plant facilities and the relevant hardware and software) adequate for accomplishing their stated mission.
IV.B. 1.b Should have expansion plan in place to anticipate increased network transmissions and changing capacity needs.
IV.C. PERSONNEL
Accredited Companies
IV.C. 1.a SHALL have sufficient qualified personnel to perform all of the tasks associated with accomplishment of their stated mission.
IV.C. 2.a SHALL provide educational resources to ensure that employees receive effective orientation.
IV.C. 3.a SHALL provide access for employees to professional development opportunities necessary to remain current in knowledge (e.g. CEBS, etc.) and skills.
IV.D. ADMINISTRATIVE RESOURCES
Accredited Companies
IV.D. 1.a SHALL have explicit written and easily available policies covering the assurance of privacy and confidentiality that protect against disclosure of personally identifiable healthcare data.
Revisions made: 1-5-96
Second revision made 1-29-96
Third revision
made 2/13/96
Fourth revision made 10/18/96
Fifth (substantial) revision
11/19/96
To The
EHNAC STANDARDS
November 19, 1996
1996 Electronic Healthcare Network Accreditation Commission (EHNAC). Federal copyright law prohibits unauthorized reproduction by any means and imposes fines up to $25,000 for violations.
|
Applies To (C=Clearinghouse, V=VAN) |
Number (Version 13, November 19, 1996) |
Current Test, with Proposed VAN Variation in Italics |
Comments |
|
|
I |
PRIVACY AND CONFIDENTIALITY |
|
|
|
I.A |
MEASURES TO ENSURE DATA SECURITY |
|
|
CV |
1a |
|
|
|
CV |
2a |
|
|
|
CV |
3a |
|
|
|
CV |
4a |
|
|
|
CV |
5a |
|
|
|
CV |
6a |
|
|
|
|
II |
TECHNICAL PERFORMANCE |
|
|
|
II.A |
TRANSMISSION OF DATA |
|
|
C |
1a |
SHALL be able to receive and submit 80% of all eligible transactions electronically to all trading partners or payers who accept transactions electronically. |
|
|
(V) |
Proposed VANs: |
SHALL be able to receive and submit 100% of all eligible transactions electronically between trading partners connected to your network. |
Distinction: VANs typically are 100% electronic |
|
C |
1b |
Should have a formal plan and timetable to further maximize eligible transactions electronically to 85% or more to all trading partners or payers who accept electronic transactions. |
|
|
(V) |
Proposed VANs: |
Should be able to receive and submit 100% of all eligible transactions electronically between trading partners on interconnected networks. |
Raises level for VANs |
|
CV |
2a |
|
|
|
CV |
2b |
Should be able to transmit reports/data within 12 hours of receipt. |
|
|
CV |
3a |
|
|
|
CV |
4a |
|
|
|
CV |
II.B |
CUSTOMER SERVICE INQUIRIES |
|
|
CV |
1a |
|
|
|
CV |
2a |
|
|
|
C |
3a |
SHALL be able to acknowledge customer service inquiries within one business day. |
|
|
C |
3b |
Should be able to acknowledge inquiries within three hours. |
|
|
(V) |
Proposed VANs: |
SHALL be able to acknowledge 90% of operational critical customer service inquiries within one hour. Should be able to acknowledge 90% of operational critical inquiries within 30 minutes. |
Raises level for VANs |
|
C |
4a |
SHALL respond with a plan of action to customer service inquiries within one business day. |
|
|
(V) |
Proposed VANs: |
SHALL respond with a plan of action to operational critical customer service inquiries within four hours. |
Raises level for VANs |
|
CV |
5a |
|
|
|
|
II.C |
TIMELINESS |
|
|
C |
1a |
SHALL submit 90% of all batch transactions within one business day or the next applicable window of opportunity. |
|
|
(V) |
Proposed VANs: |
SHALL transmit 90% of all valid batch transactions and store and forward data within thirty minutes of receipt. Should transmit 90% of all valid batch transactions and store and forward data within ten minutes of receipt. |
Raises level for VANs |
|
CV |
2a |
|
|
|
CV |
2b |
|
|
|
|
II.D |
ACCURACY |
|
|
C |
1a |
SHALL have 90% of transactions accepted on first transmission to the trading partner. |
|
|
(V) |
Proposed VANs: |
SHALL deliver 95% of transactions accepted on first transmission to the trading partner. |
Raises level for VANs |
|
C |
1b |
Should have 95% of transactions accepted on the first transmission to the trading partner. |
|
|
(V) |
Proposed VANs: |
Should deliver 99% of transactions accepted on first transmission to the trading partner. |
Raises level for VANs |
|
C |
2a |
SHALL provide for the identification of errors and allow for correction by the trading partner prior to resubmission to clearinghouse or transmission to the payer. |
|
|
(V) |
Vans: |
SHALL provide for the monitoring and reporting of bad data transmissions to the sender. |
Stated in more meaningful terms |
|
|
II.E. |
SYSTEM AVAILABILITY |
|
|
CV |
1a |
|
|
|
CV |
1b |
|
|
|
CV |
2a |
SHALL have a documented disaster recovery plan in place, including customer notification procedures. |
|
|
(V) |
Proposed VANs: |
SHALL maintain a minimum network access availability as measured by the industry standard known as the P-factor equal to five or PUS; that is, no more than five busy rings in 100 calls. Should maintain a minimum network access availability, as measured by the industry standard known as the P-factor equal to one or PUI,; that is, no more than one busy ring in 100 calls. |
Adds measurement for VANs |
|
CV |
2b |
|
|
|
(V) |
Proposed VANs: |
SHALL have a telephone company escalation procedure that will provide for a minimum of a one-hour telephone company contact time for telephone company identified network problems. |
Adds measurement for VANs |
|
|
II.F |
COMPLIANCE WITH INDUSTRY STANDARDS |
|
|
CV |
1a |
|
|
|
CV |
1b |
|
|
|
|
II.G |
EDITING |
|
|
C |
1a |
SHALL provide payer-specific editing capabilities for 85% of trading partners who provide editing criteria with 95% accepted on the first transmission. |
Distinction: VANs typically do not edit (or even examine contents of data) |
|
|
II.H |
CAPACITY MONITORING |
|
|
CV |
1a |
|
|
|
CV |
2a |
|
|
|
|
II.J |
AUDITING |
|
|
CV |
1a |
|
|
|
C |
1b |
Should maintain audit trail for two years. |
|
|
(V) |
Proposed VANs: |
Should maintain mailbox audit trail for 30 days. |
VANs typically do not store data |
|
|
II.K |
STORAGE AND RETRIEVAL |
|
|
C |
1a |
SHALL have an off-site 90-day back-up archive, storage and retrieval capability. |
|
|
C |
1b |
Should have a seven-year back-up archive, storage and regeneration capability. |
|
|
C |
2a |
SHALL retain claim and related transactions on file for a minimum of 90 days. |
|
|
C |
3a |
SHALL have the ability to regenerate a transaction going back 90 days within 48 hours. |
|
|
(V) |
Proposed VANs: |
SHALL be capable of providing 30-day mailbox archive, storage and retrieval capability. |
VANs typically do not store data |
|
|
III |
BUSINESS PRACTICES |
|
|
|
III.A |
TRUTH-IN-ADVERTISING |
|
|
CV |
1a |
|
|
|
CV |
2a |
|
|
|
|
III.B |
ACCESS |
|
|
CV |
1a |
|
|
|
CV |
2a |
SHALL comply with WEDI's recommendation that "all entities involved in the electronic transmission and processing of healthcare transactions avoid activities that would prevent the lowest cost or best value-added approach of transmitting or processing healthcare transactions." (Specific activities are listed on pages 2-15 of the 1993 WEDI Report.) |
|
|
(V) |
VANs: |
SHALL be capable of interconnecting to other VANs complying with accepted ANSI ASC X12 Mailbag standards or X400. |
Adds measurement for VANs |
|
|
III.C |
SERVICE AGREEMENTS |
|
|
CV |
1a |
SHALL have written service agreements with trading partners. |
|
|
(CV) |
2a |
|
|
|
|
IV |
RESOURCES |
|
|
|
IV.A |
PROTECTION OF DATA AND EQUIPMENT |
|
|
CV |
1a |
|
|
|
CV |
2a |
|
|
|
CV |
2b |
|
|
|
CV |
3a |
|
|
|
CV |
3b |
|
|
|
CV |
3c |
|
|
|
|
IV.B |
PHYSICAL RESOURCES |
|
|
CV |
1a |
|
|
|
CV |
1b |
|
|
|
|
IV.C |
PERSONNEL |
|
|
CV |
1a |
|
|
|
CV |
2a |
|
|
|
CV |
3a |
|
|
|
|
IV.D |
ADMINISTRATIVE RESOURCES |
|
|
CV |
1a |
|
|