Is HIPAA compliance for the transactions black and white or are there shades of gray?
It is possible to determine with a high degree of certainty whether or not you are in compliance. Of course, it is not easy, since the Implementation Guides have myriad rules. But these are deterministic rules that can be tested and proved. The WEDI SNIP Testing and Certification group has a very good white paper on this. The Implementation Guides require adherence to the X12 syntax but also adherence to a multitude of “situational rules” throughout the guide in the shaded areas. You cannot claim compliance by simply complying with the syntax; you must actually comply with each of the situational rules specified in the guide before you can claim victory. You cannot say you are 100-percent HIPAA compliant until you have proven to be 100-percent compliant with each of the aspects of HIPAA for which we have final rules (transactions, code sets, and privacy so far). For instance, saying that you are compliant with the X12 syntax of the transactions does not make you 20-percent compliant wi