X12 270 271 Transactions Tracking (CAQH CORE 155 Rule)
X12 270 271 Transactions can be tracked throughout a system/application to demonstrate conformance with the response time requirements specified in the CAQH CORE 155 Rule. The CAQH CORE Response Time Rules (CAQH CORE 155 & 156 Rules) require HIPAA covered entities to capture, log, audit, match, and report the date, time, and control numbers from their own internal systems, and corresponding data received from their trading partners.
The auditing requirement is included so that each entity will have the log of data to be used to resolve any issues or concerns. For the 20-second maximum real time response requirement, this log could also be used to identify where a bottleneck may be occurring. Section 4.3.4 of the CAQH CORE 270: Connectivity Rule also specifies that, to comply with CAQH CORE 155 and 156, message receivers will be required to track the times of any received inbound messages, and respond with the outbound message for that payload ID. Additionally, message senders must include the CORE Envelope Metadata element Time Stamp (as specified in the CAQH CORE 270 Rule, Section 4.1.2).
Other data may be required for auditing purposes; however, this data can be determined by each entity. CAQH CORE recommends that, in order to uniquely identify an X12 transmission, entities store the ISA06, ISA08, ISA13, GS02, GS03, GS06, ST02, TRN02, and if sent in the transaction, the BHT03. The audit log requirement was purposefully specified at a high level in each rule to enable each entity along the transaction pathway to design and develop its own process for audit handling. Additionally, the rules do not specify how long an entity is to maintain the data for auditing purposes.
Conformance requirements for implementing Submitter Authentication Standards are provided in Section 4.1 of CAQH CORE 270: Connectivity Rule Version 2.2.0 by key stakeholder categories acting in either the Client or Server role. Briefly, the requirements for these stakeholder categories are: health plans and health plan vendor, acting as the Server, must support one of the two submitter authentication standards. Healthcare Providers, provider vendors and clearinghouses, acting as the Client must implement the client portions of authentication for both submitter authentication standards.