CAQH CORE HTTP/S Vendor Parties Guidelines
CAQH CORE HTTP/S vendor rules do not require that an entity (provider or health plan) implement the technology directly into their own data center. The Phase I CAQH CORE Rules implicitly acknowledge that both providers and health plans will use technology solutions provided by vendors to accomplish all that must be done. Neither do CAQH CORE Operating Rules require a “direct” connect—meaning that providers connect directly to the health plan’s data center and do not connect to any intermediary, such as a clearinghouse. Thus, the Phase I CAQH CORE Rules do not require any specific architecture. Rather, CAQH CORE Operating Rules specify the capabilities that need to be enabled by any CORE-certified entity.
Payload ID is unique to each HTTP message instance and the payload being transported by HTTP. An entity should expect to receive a long, possibly alphanumeric, ID from its trading partners and should be able to store that ID and associate it with each X12 Real time message processed from the trading partner through the supported HTTP communication system. From a technical perspective, most submitters will use some sort of globally unique ID or universally unique ID (GUID or UUID) as their payload ID so receivers should allocate a data field that can contain at a minimum the 128 bits required to store a GUID/UUID.
An entity seeking CORE Certification, working with or without their vendor providing the HTTP/S connectivity capability, will have to demonstrate conformance with the Phase I CAQH CORE Connectivity Rule through the CORE Certification testing. CAQH CORE encourages payers who are using vendors to review their compliance to make sure that they are fully in compliance with both CAQH CORE and HIPAA, particularly the clause in HIPAA that says payers cannot charge more than the cost of telecommunications for handling the connectivity.