First DataBank maintains a number of databases containing information that has been assembled, validated, and formatted for distribution to National Drug Data File Plus, Product Information File (PIF), or International Drug Data File customers. First DataBank has reviewed the HIPAA Standards for Electronic Transactions and believes that the data elements applicable for use in those standards contained in databases provided by First DataBank are compliant with those standards. Of particular interest to most First DataBank customers are the data elements identified in The Telecommunication Standard Implementation Guide, Version 5 Release 1, National Council for Prescription Drug Programs (NCPDP) as referenced in sections 162.1101, 162.1202, 162.1602 and 162.1802 of the standards. Copies of these standards can be obtained through the Internet at http://www.ncpdp.org.

Each customer system has individual generation processes that transfer First DataBank data into tables on various media for customer delivery. There are a number of customization options by which a customer may specify the content and format of data delivered by First DataBank; many of these customizations may have HIPAA compliance implications.Specification for any modifications to the latter is the customer's responsibility. Depending on the scope of the project, there may be additional fees associated with such modifications. Planning is essential on your part, and planning includes allowing time for First DataBank to perform the required work to upgrade your systems by October 2002. First DataBank will not modify any non-standard options without customer direction.

Some customers may elect to store static data tables at First DataBank that are modified by specific customer direction or by hardcopy or electronic data supplied by the customer. The tables may be used in that customer's system to generate information or to transfer data back to the customer in files shipped by First DataBank. If you have supplied data that includes fields such as drug billing codes, you must evaluate the effects on your organization's compliance with HIPAA. Complete understanding of all data exchanged between your company and First DataBank is critical to the validation of your data generation processes at First DataBank. It is the customer's responsibility to identify issues and correct the static data tables as described above.

In the most recent version of the published HIPAA regulations, First DataBank does NOT meet the definition of Business Associate as defined by the standard. First DataBank does NOT directly or indirectly engage in a function or activity involving the direct use or disclosure of individually identifiable health information. First DataBank does NOT engage in the aggregation of blinded or patient identifiable health and drug use information. By not meeting the definition of Business Associate, it is not necessary for First DataBank to provide a privacy compliance disclosure agreement to customers.

If you have any further questions regarding First DataBank and compliance with HIPAA regulations, feel free to contact Customer Service at (800) 633-3453.