HIPAA 5010 testing and adoption


Published on

thoughts on business and IT aligment, planning implementation of HIPAA 5010, organizational readiness, preparation for ICD-10 for health plans "payers"

Published in: Health & Medicine
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

HIPAA 5010 testing and adoption

  1. 1. Managing the Conversion to HIPAA 5010 February 18, 2010<br />Mike Arrigo<br />Managing Partner, CEO<br />No World Borders, Inc.<br />For more details, assessment info<br />5010@noworldborders.com<br />(Please send from your payor or provider email domain address)<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  2. 2. 5010 Topics<br />Planning & organizational readiness<br />Requirement audits & testing<br />Vendor selection cautions<br />What defines production ready?<br />Opportunities<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  3. 3. HIPAA 5010 Planning<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  4. 4. Planning:Identify Principles for Stakeholder Interaction<br />Address 4010 to 5010 cutover issues<br />Review current applications, IT projects<br />Design approach<br />Impacted systems<br />Vendors<br />Members<br />Providers<br />Requirements development & audit<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  5. 5. HIPAA 5010 Implementation Approach<br />Business and IT Alignment – Business, technology, strategies, and resources must be aligned to achieve results.  Business roadmap meets IT portfolio mgmt.<br />Process Change and Innovation –Working with people and helping them see a better way to work. <br />Manage Expectations, findquick wins<br />Help the team Visualizethe process to improve buy-in<br />Change Management & Communication – Communicate and distribute critical business knowledge, share the “wins” via social media<br />Best-Practices Measurement – Best practice methods, and testing frameworks<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  6. 6. Planning – Do Not Underestimate<br />Dec. 31, 2010, payers and providers complete first level testing<br />Conduct internal testing throughout 2010<br />Once you realize that Level Two testing must be completed by the end 2011, final compliance dates are not so far away<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  7. 7. HIPAA 5010 Organizational Readiness<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  8. 8. Organizational Checklist (1 of 2)<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />Vendor<br />Agnostic<br />Approach<br />Industry<br />Standards <br />Group<br />Membership<br />Experience<br />With HIPAA, Multiple<br />Health Plans<br />X12 Transactions & Acks<br />Experience<br />Understand<br />Association Specific Technologies<br />Vendor<br />Claims System<br />SMEs<br />Understand<br />TR3<br />Impl. Guides<br />
  9. 9. 5010 Organizational Readiness ChecklistOverall Industry Expertise (2 of 2)<br /><ul><li>HIPPA 4010a and HIPAA 5010 regulatory requirements expertise
  10. 10. WEDI experience (an industry standards organization for EDI transactions)
  11. 11. Understand WEDI/NCHICA 5010 implementation timeline
  12. 12. CMS, ICD-9 and ICD-10 experience to understand global “end game” ramifications</li></ul>http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />For Bios & Detail Capabilities<br />Contact Us<br />
  13. 13. HIPAA 5010 Requirement Audits:Insurance Policy AgainstRework Downstream<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  14. 14. Audit Capabilities Check List:Regulatory Experience & Judgment<br />Understand unique architecture and business organization<br />Perform review of business requirements & artifacts<br />Provide a detailed regulatory gap analysis between:<br />HIPAA 5010 Final Rule and X12 Implementation Guides for HIPPA 5010 covered transactions and acknowledgements) <br />System (i.e., receiving, archiving, validating, transforming, processing and responding) <br />Facilitate defining the steps to complete 5010 Functional Specifications<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  15. 15. HIPAA 5010 Testing<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  16. 16. According to Gartner,A large portion of the work effort and cost for HIPAA 5010 will be in testing1<br />www.noworldborders.com/HIPAA5010MigrationServices.html<br />13<br />Majority of HIPAA 5010 testing isn’t about HIPAA compliance. It’s about your back end systems, end to end claims processing . . . etc.<br />1Version 5010 Regulatory Impact Analysis – Supplement September 2008 <br />This document was prepared by Gartner, Inc., under a contract to the Centers for Medicare & Medicaid Services (CMS) <br />
  17. 17. www.noworldborders.com/HIPAA5010MigrationServices.html<br />14<br />Ensure You Have HIPAA Testing Thought Leadership On Your Team<br />Quality Assurance Methodology and Framework <br />BRS, Functional requirements<br />System / integration / UAT testing<br />Design documentation<br />End to end testing<br />Test Automation<br />Test Data Management<br />Trading Partner Testing / On boarding<br />Reusability of Artifacts for ICD-10<br />
  18. 18. http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />Test<br />Strategy<br />Test<br />Automation<br />Test data<br />&<br />HIPAA Privacy<br />Test<br />Methodology<br />External<br />Testing<br />Internal <br />Testing<br />
  19. 19. System Inventory, Test & Transition Plan(Sample Artifact)<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html <br />
  20. 20. Detail Test Framework(Sample Artifact)<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  21. 21. Market Intelligence<br />Laggards<br />Lack of business & IT alignment<br />CIO short term budget concerns<br />Just getting started in understanding the landscape of vendors and approaches<br />Leaders:<br />Working to beat deadlines<br />Investing heavily in process, people, systems<br />Challenged by legacy issues<br />Intent on outsourcing claims processes for laggards, at a profit<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  22. 22. HIPAA 5010 Vendor SelectionAuditing, Testing, Implementation (page 1 of 2)<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  23. 23. Issues to Consider<br />HIPAA Transactions Experience:<br />820, 834, 835, 837 P, 837 I, 837 D, 270/271, 276/277 and 278 transactions and 999, <br />Acknowledgements<br />TA1 <br />277CA<br />Look for people who have lived through NPI, 4010…<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  24. 24. Impact of HIPAA Title II, Subtitle FWith Respect to 5010 EDI Standards<br />Privacy & Security<br />Transactions<br />Code sets<br />Identifiers<br />Trading partner security & governance risk assessments<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  25. 25. HIPAA 5010 Vendor SelectionAuditing, Testing, Implementation (page 2 of 2)<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  26. 26. System Integration &Testing Approach, Ideas<br />The interoperable cloud—tying heterogeneously tested data together with today's Web standards<br />Packaged pathways—extending popular integration tools into the cloud<br />New best practices—ensuring security and availability for dispersed resources<br />Strategic opportunities—focusing on what you do best, using SOA to help with integration issues<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  27. 27. Prediction Based on Experience<br />Most large IT projects fail on the first attempt<br />Usually, the cause is lack of business & IT alignment<br />Difficult to balance day to day with innovating new business value via IT<br />Talent management plans are an after thought<br />Suggestion for 5010 success: Make an early investment in outside professional guidance on these and other issues identified<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  28. 28. No World Borders 5010 Consulting Services<br />Strategic Planning<br />Project Management<br />Subject Matter Experts <br />Auditing & Testing of for 4010 to 5010<br />Team Experience with ~ 25 health plans and providers<br />Private Equity backing with 10 years’ experience<br />25<br />
  29. 29. Conclusion<br />Planning & organizational readiness <br />Requirement audits & testing planning reduces risk<br />Augment with experts if needed<br />Vendor selection cautions – ensure proper experience<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  30. 30. Mike Arrigo<br />Managing Partner, CEO<br />No World Borders, Inc.<br />For more details, assessment info<br />5010@noworldborders.com<br />(Please send from your payor or provider email domain address)<br />noworldborders.com/HIPAA5010MigrationServices.html<br />
  31. 31. Supporting Material<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />
  32. 32. www.noworldborders.com/HIPAA5010MigrationServices.html<br />29<br />Track Record<br />Founded 2000<br />“Real life” experiences with NPI & HIPAA implementation<br />Recent success story: Excellus BCBS<br />Experience with several different Blues<br />Seven claims systems implementations<br />Backed by Private Equity Firm, Strong Financials<br />Consultants in U.S., Latin America, E.U., Asia<br />29<br />No World Borders<br />
  33. 33. www.noworldborders.com/HIPAA5010MigrationServices.html<br />30<br />Capabilities Overview<br /><ul><li> Collective experience working with over 21Blues
  34. 34. WEDI experience
  35. 35. Blues Technology
  36. 36. ITS, Blue Exchange, Blue Squared
  37. 37. Software / tools vendor relationships, subject matter expertise
  38. 38. HIPAA 4010, 5010 regulatory, technical, and process expertise
  39. 39. ICD-10 regulatory, technical, and process expertise
  40. 40. Testing & validation tools & methods</li></ul>30<br />
  41. 41. www.noworldborders.com/HIPAA5010MigrationServices.html<br />31<br />Audit Quality Assurance & Testing100 Years Collective Experience in Audits & Quality Assurance <br />Healthcare, Financial and Pharmaceutical Verticals<br />Pharmaceutical & Healthcare testing<br />Configuration, Release Management<br />Test Data & Automation Management<br />Team participates in WEDI transaction & testing work groups<br />Accomplishments<br />Team created CCAP Testing Methodology<br />Tested all Major EDI Translators and Validators for 4010A<br />Original “Certifier of Certifiers” Process<br />Author of HIPAA Reference Book<br />Assisted Numerous Covered Entities and Vendors with Compliance<br />
  42. 42. www.noworldborders.com/HIPAA5010MigrationServices.html<br />32<br />Capabilities OverviewRegence RFP Sec 1A (1-7), 2.A.4. (a – g) <br /><ul><li> Technical
  43. 43. Regulatory
  44. 44. Process
  45. 45. System / Vendor Impacts
  46. 46. Testing & Integration
  47. 47. “Agnostic, end to end approach”</li></ul>32<br />
  48. 48. 33<br />Process & Compliance Expertise<br />Process improvement & claims implementation team consultants, former consultants to 21 Blues including:<br />Alabama <br />Blue Shield of CA<br />CareFirst <br />Excellus<br />Georgia<br />Louisiana<br />Hawaii<br />Indiana<br />Premera<br />Rhode Island<br />Nebraska<br />Michigan<br />
  49. 49. 5010 & ICD-10 Testing<br />Testing Phases<br />Internal Testing<br />Unit/System/Integration<br />Product Testing (Vendor 5010/ICD-10 Software Quality)<br />User Acceptance Testing<br />Regression Testing<br />Performance Testing<br />Concurrent Testing (Deploying New 5010 Systems)<br />Disaster Recovery/Non-Compliance Testing Post-Deadline<br />External Testing<br />HIPAA Compliance Edit Testing/Transaction Testing<br />3rd Party Certification<br />End-to-End Testing/Trading Partner Testing<br />Collaborative/Community Testing<br />1/17/2010<br />34<br /> © 2010 HCCO, Inc.<br />
  50. 50. Testing Frameworks<br />Methodology<br />Waterfall<br />Agile (Test-Driven Software Development)<br />Rational Unified Process (Iterative Development)<br />Hybrid Models<br />Test Data<br />PHI Security and Privacy Concerns<br />Absolutely Critical for Successful Testing Strategies<br />Data Obfuscation/Data Masking/Scrambling<br />Business Data Cohesion and Traceability to Functional Requirements<br />4010A Production Data for Regression<br />Reusability Across 5010 and ICD-10 Projects<br />1/17/2010<br />35<br /> © 2010 HCCO, Inc.<br />
  51. 51. Testing Frameworks<br />Test Automation<br /><ul><li>Automated Scripting of Test Cases
  52. 52. Automated Retrieval of Test Data
  53. 53. ROI from Reusability Across 5010 and ICD-10
  54. 54. Necessity for Reducing Timelines
  55. 55. Critical for Testing Performance Benchmarks</li></ul>Test Strategy<br /><ul><li>Incorporate Lessons Learned from 4010A Implementation
  56. 56. Majority of IT Effort will be in Testing
  57. 57. Bring Testing Focus to Functional Requirements
  58. 58. Prepare for HIPAA Interpretation Differences
  59. 59. Use Analytics to Assist in Trading Partner Testing and Ramp-up
  60. 60. Testing for Both Verification and Validation
  61. 61. Verification – Have We Built the Software Right?
  62. 62. Validation – Have We Built the Right Software?</li></ul>1/17/2010<br />36<br /> © 2010 HCCO, Inc.<br />
  63. 63. Testing Recommendations<br /><ul><li>Create Ample Testing Timelines and Test Early/Test Often
  64. 64. Incorporate Better Test Data Generation Practices
  65. 65. Use Accurate Technical Test Data
  66. 66. Create Business Driven Testing Scenarios
  67. 67. Traceability to Functional Requirements
  68. 68. Have Separate Repositories to Prevent Data Corruption
  69. 69. Execute Cohesive/Coordinated Data Across all HIPAA Transactions
  70. 70. New 5010/ICD-10 Systems Bring More Testing Concerns
  71. 71. Vendor’s Software Defects
  72. 72. Internal Software Remediation Defects
  73. 73. Existing Legacy Defects
  74. 74. When Combined Equals Delays in Testing and Longer Timelines
  75. 75. Also Requires Legacy Data Migration and Heavy Regression Testing</li></ul>1/17/2010<br />37<br /> © 2010 HCCO, Inc.<br />
  76. 76. Testing Recommendations<br /><ul><li>Plan for Smoke Testing Vendor Software for 5010/ICD-10 Functionality
  77. 77. Automate Testing for Key Business Processes
  78. 78. Enables Faster Repetitive Regression Testing
  79. 79. Automates Test Data Conversion and Execution Processes
  80. 80. Documents Expected ICD-9 Results for ICD-10 Testing
  81. 81. Provides Reusability for ICD-10 Test Cases
  82. 82. Crucial for Performance Testing of Systems Integration
  83. 83. Use Vendor Products That Test Using HCCO CCAP Programs
  84. 84. HIPAA EDI Interpretations Tested and Aligned
  85. 85. Vendor Neutral Environment
  86. 86. Common Set of HIPAA EDI Test Data
  87. 87. Greatly Reduces Trading Partner Testing and Interpretation Ambiguities </li></ul>1/17/2010<br />38<br /> © 2010 HCCO, Inc.<br />
  88. 88. Testing Will Be Critical . . .<br />http://www.noworldborders.com/HIPAA5010MigrationServices.html<br />