Does the use of only an Internet-based (computer-to-person) inquiry and response solution (e.g., claims status and eligibility inquiries come to a client via the Internet) constitute compliance with the HIPAA standards, or does a health plan need to also use an EDI-based (computer-to-computer) inquiry/response technology solution at a minimum? What number/types of technologies must be used for a health plan to be compliant with HIPAA mandates?
The health plan must, at a minimum, provide an EDI-based solution that meets the requirements of the standards adopted by the regulation. For the current standards, this means an EDI based solution that meets the requirements of the implementation guides. Any number of additional technologies for data submission (direct data entry, Internet-based or not) may be adopted at the discretion of the plan, but there is no requirement that a plan offer any additional options beyond the minimum required EDI solution.