EDI CAQH CORE 153 EDI Connectivity And Testing Requirements

EDI CAQH CORE 153 EDI Connectivity And Testing basics provide connectivity guidelines for CAQH CORE-authorized testing vendors. Part 2 FAQs are given below.

1. Will all CAQH CORE-authorized testing vendors use the same certification test scripts and the same detailed connectivity method to test the Phase I CAQH CORE Connectivity Rule?

For every rule, including the Phase I Connectivity Rule, each CAQH CORE-authorized testing vendor will use the same test scripts by stakeholder. Additionally, each CORE-certified entity will be responsible for being in compliance with the rules, understanding that not all aspects of rules compliance are tested during CORE Certification testing, e.g., maintaining system availability.

Because the CAQH CORE-authorized testing vendors each operate a little differently with regard to how they connect to their clients, they may use different approaches to test for the detailed CORE Connectivity Test Scripts. The CAQH CORE-authorized testing vendor you select to work with to conduct your CORE Certification testing will provide your organization with the details necessary to complete the CAQH CORE Connectivity Rule certification tests.

2. My organization’s security procedures require that clients use a digital certificate to identify themselves. Under the CAQH CORE Operating Rules, can we require that they use the certificate method?

Yes. Phase I CAQH CORE requires that entities use a User ID/Password to authenticate the sender at a minimum. If your organization’s policies require a higher level of security, Phase I implementation does not prevent you from implementing additional security mechanisms.

NOTE: These additional mechanisms, like any other additional requirements beyond the CAQH CORE Operating Rules, will not be tested by the CAQH CORE-authorized testing vendors as part of CORE Certification testing. The Phase II CAQH CORE 270: Connectivity Rule includes requirements for both Username/Password and X.509 Certificates over SSL as submitter authentication standards, with specific conformance requirements for the client (e.g., submitters/providers) and the server (e.g., health plans).

3. What is the recommended method for allowing entities to receive another entity’s root public digital certificate?

CAQH CORE does not make recommendations for this process. Please discuss this with your individual trading partners.

4. Batch processing: how long must a responder maintain response files on their system?

CAQH CORE recognizes that every organization has its own record-retention policies and, therefore, does not mandate a strict requirement for retention of response files. However, CAQH CORE recommends that a copy of responses be kept available for a minimum of six months after they are ready in order to support the process of discovery in the case of a complaint against a CORE-certified entity regarding CAQH CORE conformance.

Leave a Reply

Your email address will not be published.

Post Navigation