Basic EDI question:

If a company's employees must log on to an intranet to make enrollment decisions, must the enrollment process comply with the EDI Rules?

Thanks.

"Direct Data Entry" transactions must contain all required data elements, but do not need to be in the standardized format. Do employees directly affect their plan records?

(Edit for additional information) If employees do not directly affect plan records, you may be able to take the position that this collection of information is performed by the employer/plan sponsor, and not subject to HIPAA. The transmission of the collected data to the insurer would be the enrollment transaction, and subject to the EDI standards.

Thanks Steve72.

You said: "Direct Data Entry" transactions must contain all required data elements, but do not need to be in the standardized format.

Could you please give me a real-life example of what the "data elements" are versus the "standard format" in the enrollment context?

Thanks again.

The EDI rules require that each covered transaction be conducted in a specified format. Describing these formats is a technical issue, and well beyond my abilities. Each format, however, contains certain data elements (information), required to be present (e.g., name, employer, plan, etc.) Direct data entry transactions must contain all of these data elements, but do not need to be "packaged" into the correct format.

EDI compliance is a computer/technical issue rather than a legal one. I would advise involving your IT department in determining whether you have an issue.

Steve72,

I've read that the EDI Rule applies differently to self-insured plans as opposed to fully insured plans, but I couldn't find any reference to this in the Regulations. Can you (or anyone else) confirm that this is true and/or provide a cite to the regs. Thanks.

There is no distinction drawn in the EDI regulations between self-funded and fully-insured plans.

However, fully insured plans will utilize service providers (the insurer) who are themselves covered entities to engage in the transaction, whereas the self-funded plan will utilze service providers (TPAs) who are not. This may make life easier for the fully insured plan, as the service provider has an independent obligation to comply.

Note, however, that most TPAs also serve a separate function as an insurer. Although there is no HIPAA requirement that the TPA use the standard format in its role as TPA, they probably will have no difficulty doing so.