CAQH CORE 156 Rule Transactions Tracking

The CAQH CORE Response Time Rules (CAQH CORE 155 & 156 Rules) require HIPAA covered entities to capture, log, audit, match, and report the date, time, and control numbers from their own internal systems, and corresponding data received from their trading partners. The auditing requirement is included so that each entity will have the log of data to be used to resolve any issues or concerns. For the 20-second maximum real time response requirement, this log could also be used to identify where a bottleneck may be occurring.

Section 4.3.4 of the CAQH CORE 270: Connectivity Rule also specifies that, to comply with the CAQH CORE 155 and 156 Rules, message receivers will be required to track the times of any received inbound messages, and respond with the outbound message for that payload ID. Additionally, message senders must include the CORE Envelope Metadata element Time Stamp (as specified in the CAQH CORE 270 Rule, Section 4.1.2). Other data may be required for auditing purposes; however, this data can be determined by each entity. CAQH CORE recommends that, in order to uniquely identify an X12 transmission, entities store the ISA06, ISA08, ISA13, GS02, GS03, GS06, ST02, TRN02, and if sent in the transaction, the BHT03.

The audit log requirement was purposefully specified at a high level in each rule to enable each entity along the transaction pathway to design and develop its own process for audit handling. Additionally, the rules do not specify how long an entity is to maintain the data for auditing purposes.

The CAQH CORE 156 and 250 Rules require that 90 percent of all X12 271 and X12 277 responses be returned within the 20-second maximum response time within a calendar month to be in conformance with the rule requirements.