CAQH CORE 270: Connectivity Rule Authentication Standards

CAQH CORE 270: Connectivity Rule (Connectivity & Security Subgroup) evaluated the connectivity implementations used by its members, including what types of submitter authentication methods were being used. The results showed widespread use of both username/password and X.509 client certificate authentication. Though username/password is the base requirement with Phase I and is widely implemented across the industry, X.509 Certificates was agreed to be an important step toward ensuring data security over the public Internet and a direction in which the industry is heading. Similar to the decision on envelope standards, a decision was made to allow both authentication standards with the necessary conformance guidance for all stakeholders.

CAQH CORE expects that in future phases CAQH CORE requirements will include single, specific standards in both of these areas. The Phase II inclusion of two envelope and authentication standards and appropriate conformance requirements greatly improves the situation in the marketplace by reducing variation in options currently available and in use. This phased step will provide the basis for a more informed decision when considering single standard recommendations moving forward.

 If the organization wants to conform with the Phase II CAQH CORE Operating Rules, which authentication standards are applicable? Conformance requirements for implementing Submitter Authentication Standards are provided in Section 4.1 of CAQH CORE 270: Connectivity Rule Version 2.2.0 by key stakeholder categories acting in either the Client or Server role. Briefly, the requirements for these stakeholder categories are: health plans and health plan vendor, acting as the Server, must support one of the two submitter authentication standards. Healthcare Providers, provider vendors and clearinghouses, acting as the Client must implement the client portions of authentication for both submitter authentication standards. Although the use of SOAP or HTTP/MIME envelopes over private networks like VPNs is possible, the CAQH CORE 270 Rule requires the use of HTTP/S over the public Internet. The Phase I CAQH CORE 153: Connectivity Rule was based on use of the public Internet for transport, and the Phase II CAQH CORE Connectivity Rule builds on Phase I, while retaining the same underlying transport.

To learn more about EDI and become a certified  EDI Professional please visit our course schedule page.

Leave a Reply

Your email address will not be published.

Post Navigation