Frequently Asked Questions - i. CORE Certification Overview

As the ACA Administrative Simplification provisions build on and update the provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Section 1104 of the Affordable Care Act (ACA) requires all HIPAA-covered entities to comply with the adopted HIPAA-mandated transaction standards and associated operating rules.

Beyond general HIPAA compliance, ACA Section 1104 requires health plans to file a statement with HHS certifying that their data and information systems are in compliance with any applicable standards and associated operating rules for the following nine healthcare administrative and financial transactions:

• Eligibility for a health plan
• Health claim status
• Electronic funds transfers
• Healthcare payment and remittance advice
• Health claims or equivalent encounter information
• Enrollment and disenrollment in a health plan
• Health plan premium payments
• Health claims attachments
• Referral certification and authorization

On January 2, 2014, HHS issued a Notice of Proposed Rulemaking (NPRM) proposing requirements for the ACA-mandated HHS Certification of Compliance program addressing four of the nine transactions: eligibility, claim status, electronic funds transfers (EFT), and electronic remittance advice (ERA) transactions.

On October 4, 2017, HHS published a withdrawal notice for the Certification of Compliance Proposed Rule. The notice states the proposed rule was withdrawn “in order to re-examine the issues and explore options and alternatives to comply with the statutory requirements. We note that the Secretary has established regulations pertaining to compliance with, and enforcement of, HIPAA Administrative Simplification standards and operating rules. The withdrawal of this proposed rule does not remove the requirements for covered entities to comply with any of those regulations codified at 45 CFR parts 160 and 162.”

Please Note: CAQH CORE is not authorized to determine if an organization or individual is a HIPAA-covered entity. CMS provides charts to help organizations determine if they are a HIPAA-covered entity. HHS also provides FAQs on whether an organization is a HIPAA-covered entity.

CORE Certification is offered by CAQH CORE. CORE Certification means an organization has demonstrated its IT system or product, is operating in conformance with applicable requirements of a specific set(s) of the CAQH CORE Operating Rules via certification testing through a CAQH CORE-authorized testing Vendor.

Organizations pursuing CORE Certification can become certified on the CAQH CORE Operating Rules for Eligibility & Benefits, Claim Status, Payment & Remittance, Prior Authorization & Referrals, Health Care Claims, Benefit Enrollment, and/or Premium Payment.

After an organization successfully completes the CORE Certification process, it can market itself as Eligibility & Benefits, Claim Status, Payment Remittance, Prior Authorization & Referrals, Health Care Claims, Benefit Enrollment and/or Premium Payment CORE-certified, as appropriate.

For more information about CORE Certification, please refer to the CORE Certification: Step-By-Step Process webpage.

NOTES:

1. CORE Certification does not replace trading partner relationships.
2. To ensure providers experience the benefits that arise from the adoption of the CAQH CORE Operating Rules, CAQH CORE encourages small providers to consider requesting/requiring that their vendor is CORE-certified. However, if a provider is capable of seeking CORE Certification independently, we encourage them to do so.

An entity seeking CORE Certification must comply with all the CAQH CORE Operating Rules applicable to its stakeholder type in order to become certified on the CAQH CORE Operating Rules set, with the following exceptions:

• Connectivity Rule: CORE Certification is available for both real time and batch processing depending on the associated transaction. However, if an entity only supports real time transactions, it is not required to conform to the batch rules. An entity supporting both real time and batch is required to comply with rules for both.
• If a vendor or clearinghouse does not offer a product/service for an individual rule requirement, it may be certified after submitting an attestation to this fact. For example, when a vendor or clearinghouse that provides transaction processing services for Healthcare EFT and X12 v5010 835 transaction, but does not offer EFT or ERA enrollment services, it still may be CORE-certified on the CAQH CORE Payment & Remittance Operating Rules.
• If a health plan or provider outsources some functions to a clearinghouse or vendor, both the health plan/provider and entity to which the functions are outsourced will need to undergo CORE Certification testing for the health plan or provider to become CORE-certified.

The CORE Certification process has five components:

1. Pre-certification Planning and Systems Evaluation
   1. Obtain and review the applicable CAQH CORE Operating Rules
   2. Obtain and review the CAQH CORE Certification Policy.
   3. Obtain and review the applicable CAQH CORE Certification Test Suite(s).
   4. Obtain and review the applicable CAQH CORE Master Test Bed Data.
   5. Identify systems/software gaps between the CAQH CORE rule requirements and your organization’s current systems capabilities and create a project plan to eliminate any gaps.
      1. CAQH CORE offers Analysis & Planning Guides that can help entities to identify system/software gaps create a project plan to complete system remediation.
   6. Determine if your organization is eligible for the CORE Health Plan IT System Exemption. If your organization qualifies for this exemption, obtain and complete the Health Plan IT Exemption Request Form.
   7. Determine when your organization is ready to sign the CORE Pledge.
       
2. Signing and Submitting the CORE Pledge
   1. Sign the appropriate CORE Pledge.
   2. Submit the signed CORE Pledge to CAQH.
       
3. CORE Certification Testing
   1. Schedule CORE certification testing with your selected CORE-authorized testing vendor.
   2. Complete CORE certification testing within the 180-day pledge window.
   3. Remediate all systems/software issues identified by the CORE-authorized testing entity and, if necessary, repeat the certification testing.
       
4. Applying for the CORE Seal
   1. Determine your CORE Seal fee by reviewing the CORE Certification Seal fee scale
   2. Complete the appropriate CORE Seal Application form (s)
   3. Submit the completed CORE Seal Application with required paperwork and a check for the appropriate CORE Seal fee to CAQH CORE.
       
5. Recertification
   1. Recertification is required every three years for an entity to remain CORE-certified. Recertification renewals may occur anytime during the calendar year, based off initial year of certification. 

Each of the components has multiple steps which must be completed prior to moving on to the next component. 

Additional information on completing each component is available on the CORE Certification: Step-By-Step Process webpage.

The effort level/time commitment/length of time will depend upon how many adjustments an organization needs to make to its IT system(s) or products in order to become conformant with the CAQH CORE Operating Rules on which an entity is testing and thus be prepared to complete CORE Certification testing. If an entity completes a thorough gap analysis and makes the appropriate IT changes before beginning CORE Certification Testing, the certification testing period could be anywhere from 20-60 days, depending on the resources the entity puts toward the certification testing effort.

Please see the CORE Certification Step-by-Step Process for an overview of all steps required to be completed to obtain a CORE Certification Seal. Please contact CAQH CORE at CORE@caqh.org if you would like to be put in touch with others who have completed or begun certification testing.

Signing the CAQH CORE Pledge is the first step in the CORE Certification process. By signing the CAQH CORE Pledge, an organization agrees to be publicly recognized as a supporter of CAQH CORE’s mission and operating rules. In addition, the organization is demonstrating its commitment to adopt, implement, and conform to the CAQH CORE Operating Rules.

Signing the CAQH CORE Pledge commits the organization to ensure its IT system(s) conform to the CAQH CORE Operating Rules. If seeking CORE Certification, an organization must complete certification testing within 180 days of signing the CAQH CORE Pledge.

Organizations may sign the CAQH CORE Pledge at any time after the CAQH CORE Operating Rules are published, and may withdraw from the Pledge at any time. However, an organization signing the CAQH CORE Pledge is committing to completing CORE Certification Testing within 180 days of signing.

After signing the CAQH CORE Pledge, an entity pursuing CORE Certification has 180 days to complete CORE Certification testing by working with a CAQH CORE-authorized testing vendor and submitting its CORE Certification application to CAQH. It is expected that entities will take all necessary steps into consideration when determining their work plan for becoming CORE-certified. Per the CORE Certification Policies, CAQH CORE has 30 business days to process the application.

• CAQH CORE Seal Application Form
• CORE Certification Seal fee (if applicable)
• CAQH CORE HIPAA Attestation Form
• Health Plan IT Exemption Form (if applicable)

All of the required documents are available on the CORE Certification: Step-By-Step Process webpage. Note: Additional documentation may be requested by CAQH CORE.

CAQH CORE will not test for HIPAA compliance for organizations pursuing CORE Certification. All organizations that operate under the CAQH CORE Operating Rules are assumed to be HIPAA compliant. Organizations pursuing certification on the CAQH CORE Operating Rules will be asked to attest to this fact when applying for the CORE Certification Seal by completing and signing the CAQH CORE HIPAA Attestation Form. The form must be signed by an appropriate senior level executive. Vendors and other non-HIPAA-covered entities will have to sign the form as well. 

Organizations successfully completing CORE Certification Testing will be charged a fee to obtain an appropriate CORE Certification Seal based on the organization’s net annual revenue. CAQH CORE Certification Fees range from free for government organizations to $9,000 for organizations with $75 million and above in net revenue. This fee is per each set of CAQH CORE Operating Rules an entity is pursuing CORE Certification for. Fees for recertification are ½ the initial certification fees.

There is no charge to Federal or State government entities and CAQH member plans for CORE Certification.

Health Plans:

• Below $75 million in net annual revenue: $6,000 fee
• $75 million and above in net annual revenue: $9,000 fee

Clearinghouses:

• Below $75 million in net annual revenue: $6,000 fee
  • EHNAC HNAP-EHN accreditation - apply 10% ($600) discount
• $75 million and above in net annual revenue: $9,000 fee
  • EHNAC HNAP-EHN accreditation - apply 10% ($900) discount

Vendors:

• Below $75 million in net annual revenue: $6,000 fee
• $75 million and above in net annual revenue: $9,000 fee

Providers:

• Up to $1 billion in net annual revenue: $750 fee
• $1 billion and above in net annual revenue: $2,250 fee

Endorsers: (Only for entities that do not create, transmit, or use eligibility or claim status data.)

• No fee

NOTES:

• Organizations pursuing certification on more than one set of CAQH CORE Operating Rules at a

time are eligible for a 20% discount.

• Per the CORE Certification Policy, vendor products, and not entire vendor organizations, receive the CORE Certification Seal.
• The CAQH CORE Certification Fee does not include the fee for CAQH CORE Certification Testing.

Any Clearinghouse/EHN entity seeking CORE Certification that has achieved EHNAC HNAPEHN accreditation can take advantage of the partnership program discount. The Clearinghouse/EHN will indicate that it holds a current EHNAC HNAP-EHN accreditation when submitting a CAQH CORE Seal Application. (CAQH CORE will confirm EHNAC-EHN accreditation status independently.)

Per the CORE Certification Policy, CAQH CORE will complete its review of the application and processing of the paperwork in no more than 30 business days.

See the CORE Certification lists for further information.

See the list of pending and currently CORE-certified entities/products which specifically lists vendor product CORE Certification.

Yes. After processing your CORE Certification application, CAQH CORE will send you an electronic copy of your CORE Certification Seal for the appropriate operating rule set(s) for which certification has been achieved. This Seal can be used in your communication tools/materials. Please refer to the CAQH CORE Marketing Guidelines for more information.