Frequently Asked Questions: HIPAA and AS2

Background

Q1: What is Drummond Group, Inc. (DGI)?
Q2: What is HIPAA?

General

Q3: What is AS2?
Q4: How is AS2 related to HIPAA at a high level?
Q5: What organizations are likely to use AS2 for HIPAA, and in what scenarios?
Q6: What are the direct and indirect benefits of using AS2 for HIPAA?
Q7: What is the price of AS2 software and how can I purchase it?

Technical

Q8: What specific HIPAA requirements does AS2 address?
Q9: If I use a clearinghouse, why would I use AS2 for HIPAA?
Q10: Why wouldn't I just use file transfer protocol (FTP) to transfer HIPAA messages?
Q11: Can I leverage AS2 with other health standards (HL7, NCPDP, etc.)?
Q12: Why wouldn't I use ebMS or another message transport service for HIPAA?
Q13: Does AS2 support "mailboxing" of messages or pull-style messaging?
Q14: If I buy a software solution supporting ebXML Messaging, will it work with an AS2-based software solution?
Q15: Where can I find additional information on HIPAA?
Q16: Where can I find additional information on AS2?

General

3) What is AS2?


Applicability Statement 2 (AS2) is a draft standard of the IETF (Internet Engineering Task Force) that describes how EDI and other data can be transmitted securely over the Internet using the HTTP protocol. AS2 is often referred to as an EDI-INT (EDI over the Internet) standard. A widely recognized messaging standard for business-to-business eCommerce, AS2 enables users to connect, deliver and reply to data securely and reliably, thereby saving money and adding flexibility and control over how the data is utilized or reported. It can be applied horizontally across supply chains and is useful for any industry vertical. The adoption of AS2 grew exponentially in 2002, due in large part to adoption of the standard by the Retail and CPG industry.

4) How is AS2 related to HIPAA at a high level?


Many of the HIPAA standards require integrity and confidentiality when information is in transit between two organizations. AS2 is suitable for these purposes as it provides secure and reliable transport over the Internet. AS2 is most helpful with HIPAA security rules that address electronically-protected health information.

5) What organizations are likely to use AS2 for HIPAA, and in what scenarios?


HIPAA is requiring virtually every health-care provider organization, from the largest health plan to the smallest practice, to include several layers of safeguards and protections that the majority do not have. HIPAA affects all health plans, health-care clearinghouses, and service providers who submit or receive health-care transactions electronically. Many of these entities, including state and local government agencies, currently use incompatible coding as well as different privacy and security standards. The AS2 messaging standard for HIPAA may be used to exchange data between organizations in a safe, reliable manner over the Internet. HIPAA's national standards will simplify the system, streamline it for greater speed and accuracy, and guarantee patient privacy and heightened security overall.

6) What are the direct and indirect benefits of using AS2 for HIPAA?


AS2 directly addresses HIPAA Security, Electronic Signature, Privacy and Transaction requirements related to data being transmitted between partners.

AS2 can bring indirect benefits to organizations that deploy it for HIPAA by providing a message gateway. Implemented for HIPAA, AS2 could be used for other business-to-business use cases, including generic supply chain management scenarios. As an example, the large retailer Wal-Mart has requested that all business-to-business messaging from its 20,000-plus partner base use AS2-based software ("Wal-Mart Chooses Internet Protocol for Data Exchange," Sept. 16, 2002, Computerworld.com, http://www.computerworld.com/industrytopics/retail/story/0,10801,74282,00.html).

AS2 provides standard value-added features that organizations can utilize to improve the quality of business messaging. In addition, AS2 provides facilities for:

  • Message Disposition Notifications (acknowledgment of valid message receipt)
  • Ability to package audio, video or any other digitized attachment to a message
  • Asynchronous messaging to allow for scalability and robustness

7) What is the price of AS2 software and how can I purchase it?


Drummond Group Inc. (DGI) serves as a vendor-neutral third party to test commercial software for interoperability. To maintain its vendor neutrality, DGI does not make product recommendations or provide pricing information. Companies interested in purchasing software that has successfully passed interoperability testing can refer to the product listings located on the eBusinessReady™ website. It is up to you to contact the individual companies to get pricing and product feature information.
  • "ROI report on EDI-AS2/XML over the Internet" answers the most common questions about EDI/XML over the Internet, its advantages over traditional EDI, the technology standards, ROI for large and medium-sized enterprises in supply chains, and how it impacts the way of doing business.
    © 2008 Drummond Group, Inc.