Does 'standard transaction' mean that the screens used for direct data entry, using a browser in an extranet application, have to conform to both data content and format?
There appears to be a conflict between the regulation text and the preamble regarding the exceptions for the Internet electronic media. The final regulation text states that, "If a covered entity conducts with another covered entity, using electronic media, a transaction for which the Secretary has adopted a standard under this part, the covered entity must conduct the transaction as a standard transaction. Electronic media means the mode of electronic transmission. It includes the Internet, Extranet, leased lines, dialup lines, etc." Does 'standard transaction' mean that the screens used for direct data entry, using a browser in an extranet application, have to conform to both data content and format?
We do not see the conflict suggested. The provisions for direct data entry are explicitly listed as an "exception" to the general rule at section 162.923(b). This means that, for transactions coming within the exception, the alternate requirements of the exception constitute the standard (unless, of course, the health care provider elects to follow the general rule).
Direct data entry (DDE) systems are not subject to the transaction format requirements, but must use 'applicable data content' and data condition requirements. In this context, 'applicable data content' means that the DDE systems must collect all fields that are required in the HIPAA implementation guide for a particular standard, as well as those situational elements that are needed for processing (unless that data is already available to the health plan's system). All internal and external code sets designated in the implementation guide(s) are to be used. DDE systems must provide for at least the field size minimums noted in the implementation guide(s), but no more than the maximum size allowed. DDE systems must also permit at least the minimum number of segment/field repeats noted in the implementation guide(s), but no more than the maximum number allowed. In addition, DDE systems may not collect additional data that are not included in the implementation guide for a particular standard transaction.