This week on the HIPAA Vault Podcast, we discuss the importance of Electronic Data Interchange (EDI) files in healthcare. Check out our blog for more details!
Transcript:
Adam
Hello and welcome to The HIPAA Vault Show, where we discuss all things HIPAA compliance in the cloud. My name is Adam Zeineddine and I’m joined today. If you’ve listened to our podcast before, you’ll know him already. But I’m joined today if you’re a new listener by the Chief Executive and Chief Technology Officer of HIPAA Vault, Mr. Gil Vidals. Hi, Gil.
Gil
Hey, Adam. Thanks for that.
Adam
Got it. I’ve got a longer introduction, if you like. Joining me in the cloud from a US-based nondescript location over a secure connection is Mr. Gil Vidals. How about that?
Gil
I like that. That sounds very James Bond-ish. Kind of incognito.
Adam
Yeah. Okay, great. So today what we’re going to be discussing is EDI and EDI files in healthcare. Before we get started, please do click subscribe if you’re watching us on YouTube and give us a like, it really helps us. Thank you very much for that. So, to get into it, let’s talk a little bit about what EDI is. Gil, I’ll just take us through that and then maybe you can help us delve into the technical aspects of this a little bit. So EDI stands for Electronic Data Interchange, and it is essentially electronic exchange of business documents and data. And that exchange happens between different organizations. And the key to EDI is it’s standardizing the format of the exchange of that data. And obviously, because we work in HIPAA and healthcare, we’re going to be focusing a little bit on EDI and healthcare today.
Adam
So the typical organizations that EDI exchange takes place between, they’re categorized into three different types of organizations. So you’ve got a sponsor, a payer and a provider. Sponsor is typically an employer. So an employer that’s signed up for healthcare insurance for their employees, the payer is the insurance company, typically, and then the provider is the healthcare organization. And there’s quite a few healthcare-specific EDI files, to name a few. There’s a 270 EDI, which is the initial claim from the provider to the payer. So if you think about when you go and receive healthcare in the US and you get a treatment, you don’t necessarily think about what EDI format’s going on in the background, but you go and get a treatment, maybe you pay a copay, and then that provider will go and send that information to the payer.
Adam
And that is the 270 initial claim format. And there’s a 271, which is the response back from the payer to the provider. And the list goes on. 834, I think, is a very well known one, and that is benefits enrollment data. And that’s from sponsor to the payer. So that’s from the employer to the insurance company, the 834 file. And so, yeah, the list goes on. There’s 835. There’s 837. But that just gives you a little bit of an idea of what EDI is. Gil, there’s also an extra term here which I think it would be good for us to flesh out, which is ANSI X12. Could you talk a little bit to that? And then also in general, how standardizing the format of the files helps with efficiency and maybe HIPAA compliance.
Gil
Sure, that’s a good introduction, Adam. So first of all, generally speaking, all these formats that you hear, all these terms, these 834 and 820 and ANSI X12 and all that, these are really just digital formats. So in the old days, you only had paper and pencil, and all these things that we’re talking about today were done manually. And as you can imagine, that would be cumbersome, error prone. You could lose the paper, spill your coffee on it, who knows? And it’s hard to transmit. That’s the key point. When you go digitally, it just becomes very quick and easy to transmit something at the speed of light. You can have the records go over, and these different numbers just represent kind of like a language. Let’s say, for example, somebody can speak Portuguese or Russian or Hebrew or Italian. Right.
Gil
So they have to speak to each other in that language. Well, these protocols are the same thing. Each number represents kind of like a different language or format. And ANSI X12 is just another one of those formats. In and of itself, Adam, it’s not secure. It’s just a format. Think about it just as text. And so if you’re going to transmit that for health HIPAA compliance, you need to follow and adhere to all the security protocols to keep that digital information in the ANSI X12 format safe. That means you should encrypt the file, first of all, and then you should send it over an encrypted connection like HTTPS. So you would want to make sure you’re adhering to that. The opposite of that would just be, oh, well, here’s my ANSI X12 file. I’m just going to send it via email to somebody.
Gil
That wouldn’t be very good because it’s not encrypted, and it’s not necessarily sent via an encrypted transport because email can. Maybe it’s encrypted, maybe it’s not. So hopefully that helps a little bit.
Adam
Yeah, absolutely. So summing up there, it helps reduce the paper trail by having it in a digital or electronic format. That’s definitely a key point there. And then standardizing the approach to files obviously makes things more efficient in general. Okay, well, that brings us on to a specific case study that I think we’re going to discuss today, which is we completed a successful project for an existing client to do with EDI. Is that right?
Gil
Yeah, it was a university related customer that had already systems within our network, and they wanted to transmit some of the records over to, I think to the sponsor. And so this was a good example of a case where these records need to be transmitted. And it’s interesting because they could have selected some off the shelf software. They could have just hit a button online, bought some software, but as you can imagine, a lot of the software these days requires well, it costs money, but also a lot of these things are hosted in the cloud. So you have to have now you introduce a third party that’s going to be you have to connect your system to that third party and they’re going to be looking at your stuff and then sending it off.
Gil
So they asked us to do the programming and put things in the right format, in this case, the 834 format. So we did that for them and then we were able to ensure that the connection was secure. It’s encrypted and secure when they sent that file off every day or every hour, whatever they set up. So we were able to help them in that regard. And I think the case study is interesting. As I said before, the cloud providers that offer these kinds of services, they know what they’re doing and they’re good services, but in some cases, companies, especially larger ones, they want to manage that whole process. They don’t necessarily want to introduce a third party.
Adam
Yeah, for this case study, I believe it was a fairly large fund right, from the university. Could you talk a little bit about how long it took to get this initially set up and then delivered for them?
Gil
I think if I remember right, it took about two weeks of work. And what you have to do is once you have the data, you have to follow the specifications for the 834 format. So the programmer had to look at the format and make sure that the data was put in the exact right format and then test that out. So there was a lot of testing done to take in dummy data and then make sure it’s formatted and then send it off and make sure the receiver can read it and open the file and accept the formatting. Otherwise it’s rejected with an error code. So there’s some trial and error that has to be done till finally you have success and say, oh good, we format it correctly. The receiver accepted it and acknowledged that it was fine.
Gil
They give you back code saying, hey, this is all looking good. So there’s quite a bit of testing until it was dialed in. And so it’s about two weeks worth of work to do that.
Adam
Yeah, it was a successful project because I believe that we’re actually continuing to expand the development for them.
Gil
Yeah, I think you’re right. I think the first one had to do with a dental plan, if I remember right, or vision. And now they’re going to add the second plan as well.
Adam
Yeah. Well, that’s fantastic. And listeners, viewers, if you’re interested in learning more about EDI, specifically, go to hipaavault.com and we have a dedicated blog and then also a page that walks you through that and you can reach out to us there and let us know what you’re looking to accomplish and we’d be happy to help you there. Gil, did you have any other points on EDI? Obviously, this is a fairly high level overview, but I think we covered quite a bit there.
Gil
Well, I would just say that be careful. If you’re using EDI and you have data that you’re handling and you’re not quite sure, you might say, well, wait a minute, I don’t know for sure if this is encrypted and secure end to end. There might be some pieces of the trail. So this information goes from point A to point B to point C to point D, and you say, go, oh, I don’t know. From point C to D is really secure. I have doubts. So you should know how the data is traveling. And even if you’re nontechnical, I always like to address our entire audience. And they’re not all technical. So if you’re not technically like, well, how am I supposed to know if it’s secure?
Gil
Well, just sit down for five minutes and talk to your tech people and just say, just tell me where the data is going from back of a napkin. Say it’s going from our data center here in Houston to the processing agency in Texas, and you just basically draw it out. Just listen to what they say. And then that’s step number one. And then number two, once you have the back of the napkin drawn, then you could just call each one of those vendors in those locations and say, hey, tell me how you’re securing the data. And you might be surprised. You might call one of those people and they say, well, when you guys bought our service, you didn’t check the box. It says you needed a HIPAA compliant and that’s extra fee. And you’re like, oh, you do need HIPAA compliance, because there’s PHI, right?
Gil
That’s right. So simply asking the question and following up to make sure talking to vendors and this is not an exercise that would take forever, something that even a non technical person, really a manager should be doing that to oversee and question. Like they say, trust and verify. Right. If you heard it’s supposed to be encrypted, well, now you’re just verifying. And it’s worthwhile doing that because, as you know, if you lose patient records, the fine can be quite steep, and it’s per patient record. So if you have 1000 records being transmitted every night, and though somehow it gets in the wrong hands, that’s 1000 times $250 times 2500 times 1000. So it could be $500,000 fine if you lose 1000 patient records. So it’s quite steep.
Gil
And so because of that, it behooves everyone to really walk through that in their mind back of a napkin and make sure that’s good.
Adam
Absolutely. Yeah. So definitely take a look at your current posture there. Well, in this episode, we’ve explored briefly the pivotal role that EDI, Electronic Data Interchange, plays in healthcare. We also discussed the importance of standard EDI formats and ANSI X12. And we delved into a real world case study with a university and addressed data security and HIPAA compliance concerns that come up. So that’s it for this episode. If you have any questions, we hope you enjoyed it. And if you have any questions, you can email us at podcast@hipaavault.com or tweet us at @hipaahosting. And thanks for watching. And until next time, thanks for stopping by.