Certification: ACA Section 1104 Certification, CORE Certification, Proposed CORE HIPAA Credential, and CORE Endorsement

II. Introduction to CORE Certification

A. CORE Certification: Overview & Policies

i. CORE Certification Overview

  1. Has HHS issued any guidance on the ACA-mandated process by which health plans must certify their compliance with the HIPAA-mandated transaction standards and associated operating rules?
  2. What does it mean to be CORE-certified?
  3. Does my organization need to complete earlier phases of CORE Certification prior to becoming CORE-certified on a later phase?
  4. Will CAQH CORE continue to offer CORE Certification on earlier CAQH CORE phases or will earlier phases cease to be supported after some time?
  5. Does an organization need to comply with all requirements of a specific phase of CAQH CORE Operating Rules (e.g., data, connectivity) in order to become CORE–certified on the phase or is CORE Certification available on individual requirements?
  6. How does my organization achieve CORE Certification?
  7. What is the level of effort, time commitment, and length of time to become CORE-certified?
  8. Why sign the CAQH CORE Pledge to become CORE-certified?
  9. Is the CAQH CORE Pledge binding?
  10. What does it mean to have 180 days to complete voluntary CORE Certification?
  11. What is the necessary paperwork required to submit with the CORE Certification Seal Application?
  12. What is the CAQH CORE HIPAA Attestation, and who has to sign it?
  13. What is the cost of the CORE Certification Seal and CAQH CORE Certification Testing?
  14. Once the required paperwork for CORE Certification has been submitted to CAQH, how long does it take to receive the CORE Certification Seal?
  15. What entities are CORE-certified?
  16. For CORE-certified vendors, how can I find out what product is certified?
  17. Can I put the CORE Certification Seal up on my organization’s website?
1. Has HHS issued any guidance on the ACA-mandated process by which health plans must certify their compliance with the HIPAA-mandated transaction standards and associated operating rules?

As the ACA Administrative Simplification provisions build on and update the provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Section 1104 of the Affordable Care Act (ACA) requires all HIPAA-covered entities to comply with the adopted HIPAA-mandated transaction standards and associated operating rules.

Beyond general HIPAA compliance, ACA Section 1104 requires health plans to file a statement with HHS certifying that their data and information systems are in compliance with any applicable standards and associated operating rules for the following nine healthcare administrative and financial transactions:

  • Eligibility for a health plan
  • Health claim status
  • Electronic funds transfers
  • Healthcare payment and remittance advice
  • Health claims or equivalent encounter information
  • Enrollment and disenrollment in a health plan
  • Health plan premium payments
  • Health claims attachments
  • Referral certification and authorization

On January 2, 2014, HHS issued a Notice of Proposed Rulemaking (NPRM) proposing requirements for the ACA-mandated HHS Certification of Compliance program addressing four of the nine transactions: eligibility, claim status, electronic funds transfers (EFT), and electronic remittance advice (ERA) transactions. To date, HHS has not issued regulations regarding health plan certification for the remaining five transactions.

On October 4, 2017, HHS published a withdrawal notice in the Federal Register for the proposed rule titled "Administrative Simplification: Certification of Compliance for Health Plans.” Please note that health plans still must comply with HIPAA-mandated standards and operating rules for electronic transactions.

HHS retains the authority to review health plans for compliance. But withdrawal of the proposed rule means that health plans will not have to certify their compliance as outlined in the proposed rule.

Please Note: CAQH CORE is not authorized to determine if an organization or individual is a HIPAA-covered entity. CMS provides charts to help organizations determine if they are a HIPAA-covered entity. HHS also provides FAQs on whether an organization is a HIPAA-covered entity.

2. What does it mean to be CORE-certified?

CORE Certification is offered by CAQH CORE. CORE Certification means an organization has demonstrated its conformance with the CAQH CORE Operating Rules by signing the CORE Pledge and successfully completing the CAQH CORE Certification Testing requirements for a phase of CAQH CORE Operating Rules with a CAQH CORE-authorized Testing Vendor. Successful CAQH CORE Certification Testing demonstrates an organization’s conformance with the rules for a particular phase of CAQH CORE Operating Rules.

Organizations pursuing CORE Certification can become certified on the Phase I, II, III, and/or IV CAQH CORE Operating Rules.

Phase I CORE Certification:

An organization that becomes certified on the Phase I CAQH CORE Operating Rules is expected to exchange eligibility and benefits information, per the requirements of the Phase I CAQH CORE Rules and Policies, with all of its trading partners.

Phase II CORE Certification:

Any organization that becomes certified on the Phase II CAQH CORE Operating Rules will be expected to exchange eligibility and benefits information and/or claim status information, per the requirements of the Phase II CAQH CORE Rules and Policies, with all of its trading partners – dependent upon whether one or both of these transactions are offered.

Phase III CORE Certification:

Any organization that becomes certified on the Phase III CAQH CORE Operating Rules will be expected to exchange Healthcare Electronic Funds Transfer (EFT) and Electronic Remittance Advice (ERA) information per the requirements of the Phase III CAQH CORE Rules and Policies, with all of its trading partners – dependent upon whether one or both of these transactions are offered.

Phase IV CORE Certification:

Any organization that becomes certified on the Phase IV CAQH CORE Operating Rules will be expected to exchange the health care claim, referral[DB1]  certification and authorization (prior authorizations), if applicable, with optional testing of benefit enrollment and maintenance, and/or premium payment information per the requirements of the Phase IV CAQH CORE Rules and Policies, with all of its trading partners – dependent upon whether one or more of these transactions are offered.

After an organization successfully completes the CORE Certification process, it can market itself as Phase I, Phase II, Phase III, and/or Phase IV CORE-certified, as appropriate. For more information about CORE Certification, please refer to the CORE Certification: Step-By-Step Process webpage.

NOTES:

  1. CORE Certification does not replace trading partner relationships.
  2. To ensure providers experience the benefits that arise from the adoption of the CAQH CORE Operating Rules, CAQH CORE encourages small providers to consider requesting/requiring that their vendor is CORE-certified. However, if a provider is capable of seeking CORE Certification independently, we encourage them to do so.

 

 

3. Does my organization need to complete earlier phases of CORE Certification prior to becoming CORE-certified on a later phase?

Yes. To become certified on a higher phase of CAQH CORE Operating Rules, an organization or its product/service must be CORE-certified on the earlier phases. CAQH CORE represents a phased approach to developing operating rules for healthcare administrative transactions. Each subsequent CAQH CORE phase builds and expands on the previous phase(s):

  • The Phase II CAQH CORE Operating Rules build on and expand the requirements of the Phase I CAQH CORE operating rules and specify more prescriptive requirements for connectivity and security beyond the Phase I Connectivity/Security rule. In Phase II, new X12 v5010 270/271 eligibility data content rules were added to enhance patient identification matching and error reporting and the application of the Phase I infrastructure rules conduct the X12 v5010 276/277 claim status transaction[DB1] .
  • The Phase III CAQH CORE Operating Rules build on the Phase I & II foundation by adopting new infrastructure rules for exchange of the HIPAA-mandated Healthcare EFT and the Electronic Remittance Advice transactions, including applying the Phase I & II connectivity/security, companion guide, and batch acknowledgement requirements to the conduct of the X12 v5010 835. The Phase III CAQH CORE Operating Rules also include data content requirements: the uniform and consistent use of the Claim Adjustment Reason Codes (CARCs) and Remittance Advice Remark Codes (RARCs) in the X12 v5010 835.
  • The Phase IV CAQH CORE Operating Rules build on the Phase I, II, & III foundation by adopting new infrastructure rules for the exchange of the Health Care Claim, Referral Certification and Authorization (prior authorization), Benefit and Enrollment Maintenance, and Payroll Deducted and Other Group Premium Payment transactions, including the application of Phase I, II, & III companion guide, acknowledgement, and response time requirements. The Phase IV Rules also expand on the Phase I, II, and III connectivity/security requirements.  

CORE Certification on the phases of the CAQH CORE Operating Rules can be completed concurrently or successively. An organization may choose to test and become certified for Phase I, then Phase II, followed by Phase III, and later Phase IV or undergo combined CORE Certification Testing for all four phases concurrently. See the CAQH CORE Certification Policies (Phase I, Phase II, Phase III, Phase IV).

NOTE: The only exception to this policy applies to vendors and clearinghouses, given their products may only address certain transactions (unlike health plans and providers). Vendors/clearinghouses/practice management systems that offer only one of the applicable transaction sets may become CORE-certified on only the relevant CAQH CORE Operating Rules phase. For example, vendors/clearinghouses that offer support for only the X12 v5010 276/277 claim status transactions can become CORE-certified on only the Phase II CAQH CORE Operating Rules for the claim status transactions while vendors/clearinghouses that offer only the X12 v5010 835 &/or Healthcare EFT Standards can become CORE-certified on only the applicable Phase III CAQH CORE EFT & ERA Operating Rules. Further, vendors/clearinghouses that offer only the X12 v5010 837 Health Care Claim transaction can become CORE-certified on only the applicable Phase IV CAQH CORE Operating Rules for the health care claim transactions.

4. Will CAQH CORE continue to offer CORE Certification on earlier CAQH CORE phases or will earlier phases cease to be supported after some time?

Yes, CORE Certification for earlier phases of CAQH CORE Operating Rules will continue to be available as there is no currently established policy for withdrawing or deprecating previous phases of CAQH CORE Operating Rules.

CAQH CORE represents a phased approach to developing operating rules for healthcare administrative transactions. As CAQH CORE moves to future rule phases, CORE-certified organizations and organizations wishing to become CORE-certified are encouraged to adopt and become certified at the highest, most recently-approved phase of CAQH CORE Operating Rules. Broader adoption of advanced CAQH CORE Operating Rules will enhance the usability and content of various administrative transactions while decreasing associated administrative costs and resources.

To become certified on a higher phase of CAQH CORE Operating Rules, an organization must be CORE-certified on the earlier phases. An organization may choose to test and become certified for Phase I, then Phase II, followed by Phase III, and later Phase IV or undergo combined CORE Certification Testing for all four phases concurrently.

5. Does an organization need to comply with all requirements of a specific phase of CAQH CORE Operating Rules (e.g., data, connectivity) in order to become CORE–certified on the phase or is CORE Certification available on individual requirements?

An entity seeking CORE Certification must comply with all of the CAQH CORE Operating Rules applicable to its stakeholder type in order to become certified on the CAQH CORE Operating Rules phase, with the following exceptions:

  • Connectivity Rule: CORE Certification is available for both real time and batch processing. However, if an entity does not support batch transactions, it is not required to conform to the batch rules. An entity supporting both real time and batch is required to comply with rules for both. Conformance is only required for the transaction(s) offered by the certifying entity.
  • If a vendor or clearinghouse does not offer a product/service for which CORE Certification exists in a specific phase, it may be certified after submitting an attestation to this fact. For example, when a vendor or clearinghouse does not conduct eligibility X12 v5010 270/271 transactions, but rather offers only X12 v5010 276/277 or the Healthcare EFT Standards and X12 v5010 835 transactions, it will not have to comply with the CAQH CORE Operating Rules applicable to eligibility.
  • For Phase IV CORE Certification, stakeholders are required to test for the ASC X12N v5010 837 and ASC X12N v5010 278 transactions, if applicable. Testing for the ASC X12N v5010 820 and ASC X12N v5010 834 employer-based transactions is optional for Phase IV CORE Certification. 
6. How does my organization achieve CORE Certification?

The CORE Certification process has four components. Each component has multiple steps which must be completed prior to moving on to the next component:

  1. Pre-certification Planning and Systems Evaluation
    1. Obtain and review the applicable CAQH CORE Rules and Policies
    2. Obtain and review the applicable CAQH CORE Certification Policy(ies)
    3. Obtain and review the applicable CAQH CORE Testing Policy(ies)
    4. Obtain and review the applicable CAQH CORE Master Test Suite(s)
    5. Obtain and review the applicable CAQH CORE Master Test Bed Data if completing Phase I or Phase II CORE Certification
    6. Identify systems/software gaps between the CAQH CORE rule requirements and your organization’s current systems capabilities and create a project plan to eliminate any gaps.
    7. Determine if your organization is eligible for the CORE Health Plan IT System Exemption. If your organization qualifies for this exemption, obtain and complete the Health Plan IT Exemption Request Form.
    8. Determine when your organization is ready to sign the CORE Pledge.
  2. Signing and Submitting the CORE Pledge
    1. Sign the appropriate CORE Pledge (Phase I, Phase IIPhase III and/or Phase IV).
    2. Submit the signed CORE Pledge to CAQH.
  3. CORE Certification Testing
    1. Schedule CORE certification testing with your selected CORE-authorized testing vendor.
    2. Complete CORE certification testing within the 180-day pledge window.
    3. Remediate all systems/software issues identified by the CORE-authorized testing entity and, if necessary, repeat the certification testing.
  4. Applying for the CORE Certification Seal
    1. Determine your CORE Seal fee by reviewing the CORE Certification Seal fee scale
    2. Complete the appropriate CORE Seal Application form (s)
    3. Submit the completed CORE Seal Application with required paperwork and a check for the appropriate CORE Seal fee to CAQH CORE.

Additional information on completing each component is available on the CORE Certification: Step-By-Step Process webpage

7. What is the level of effort, time commitment, and length of time to become CORE-certified?

The effort level/time commitment/length of time will depend upon how many adjustments an organization needs to make to its IT system(s) in order to become conformant with the CAQH CORE Operating Rules on which an entity is testing and thus be prepared to complete CORE Certification testing. If an entity completes a thorough gap analysis and makes the appropriate IT changes before beginning CORE Certification testing, the certification testing period could be anywhere from 20-60 days, depending on the resources the entity puts toward the certification testing effort.

Please see the CORE Certification Step-by-Step Process for an overview of all steps required to be completed to obtain a CORE Certification Seal. Please contact CAQH CORE at CORE@caqh.org if you would like to be put in touch with others who have completed or begun certification testing.

8. Why sign the CAQH CORE Pledge to become CORE-certified?

Signing the CAQH CORE Pledge (CAQH CORE 101 for Phase I, CAQH CORE 201 for Phase II,  CAQH CORE 301 for Phase III, or CAQH CORE 401 for Phase IV is the first step in the CORE Certification process. By signing the CAQH CORE Pledge, an organization agrees to be publicly recognized as a supporter of CAQH CORE’s mission and operating rules. In addition, the organization is demonstrating its commitment to adopt, implement, and conform to the CAQH CORE Operating Rules.

Signing the CAQH CORE Pledge commits the organization to ensure its IT system(s) conform to the CAQH CORE Operating Rules. If seeking CORE Certification, an organization must complete certification testing within 180 days of signing the CAQH CORE Pledge.

9. Is the CAQH CORE Pledge binding?

Organizations may sign the CAQH CORE Pledge (Phase I, Phase II, Phase III, or Phase IV) at any time after the CAQH CORE Operating Rules are developed and approved by the Full CORE Voting Membership, and may withdraw from the Pledge at any time. However, an organization signing the CAQH CORE Pledge is committing to completing CAQH CORE Certification Testing within 180 days of signing.

10. What does it mean to have 180 days to complete voluntary CORE Certification?

After signing the CAQH CORE Pledge, an entity pursuing voluntary CORE Certification has 180 days to complete CAQH CORE Certification Testing by working with a CAQH CORE-authorized Testing Vendor and submitting its CAQH CORE Seal Application to CAQH.

Per the CAQH CORE Certification Policies, CAQH CORE has 30 business days to review and process the application. Each application undergoes a multi-tier review process including reviews from CAQH CORE technical and leadership staff. During the review process, CAQH CORE may ask for more information or clarification on questions from organizations.

11. What is the necessary paperwork required to submit with the CORE Certification Seal Application?
  • Certification Seal Application Form
  • Stakeholder-specific CORE Certification Seal fee (if applicable)
    • The CORE Certification Seal Fee is a one-time cost per phase of CORE Certification being sought.
  • Documentation of successful completion of CORE Certification testing with a CAQH CORE-authorized testing vendor
  • HIPAA Attestation Form
  • Health Plan IT Exemption Form (if applicable)

All of the required documents are available on the CORE Certification: Step-By-Step Process webpage.

12. What is the CAQH CORE HIPAA Attestation, and who has to sign it?

CAQH CORE will not test for HIPAA compliance for organizations pursuing CORE Certification. All organizations that operate under the CAQH CORE Operating Rules are assumed to be HIPAA compliant. Organizations pursuing certification on the CAQH CORE Operating Rules will be asked to attest to this fact when applying for the CORE Certification Seal by completing and signing the CAQH CORE HIPAA Attestation (Phase I, Phase II, Phase III, &/or Phase IV). The form must be signed by an appropriate senior level executive. Vendors and other non-HIPAA-covered entities will have to sign the form as well. 

13. What is the cost of the CORE Certification Seal and CAQH CORE Certification Testing?

Organizations successfully completing CAQH CORE Certification Testing will be charged a fee to obtain an appropriate CORE Certification Seal based on the organization’s net annual revenues. CAQH CORE Certification Fees range from free for government organizations to $9,000 for organizations with $75 million and above in net revenue. The CAQH CORE Certification Fee is a one-time cost per phase (and per vendor product, if applicable).

Health Plans:

  • Below $75 million in net annual revenue: $6,000 fee
  • $75 million and above in net annual revenue: $9,000 fee

Clearinghouses:

  • Below $75 million in net annual revenue: $6,000 fee
    • EHNAC HNAP-EHN accreditation - apply 10% ($600) discount
  • $75 million and above in net annual revenue: $9,000 fee
    • EHNAC HNAP-EHN accreditation - apply 10% ($900) discount

Vendors:

  • Below $75 million in net annual revenue: $6,000 fee
  • $75 million and above in net annual revenue: $9,000 fee

Providers:

  • Up to $1 billion in net annual revenue: $750 fee
  • $1 billion and above in net annual revenue: $2,250 fee

Endorsers: (Only for entities that do not create, transmit, or use eligibility or claim status data.)

  • No fee

NOTES:

  1. There is no charge to Federal or State government entities to receive the CORE Certification Seal.
  2. There is no charge to CAQH Member Health Plans to receive the CORE Certification Seal.
  3. This fee is a one-time cost for each phase of CORE Certification, unless an organization becomes de-certified or if major changes to the rules are approved by the Full CAQH CORE voting Membership (Reference CORE Certification Policies: Phase I, Phase II, Phase III, & Phase IV).
  4. CAQH CORE-authorized Testing Vendors may also charge a fee for CAQH CORE Certification Testing, as determined by each of the authorized vendors. Please discuss this with your CAQH CORE-authorized Testing Vendor.

 

14. Once the required paperwork for CORE Certification has been submitted to CAQH, how long does it take to receive the CORE Certification Seal?

Per the CAQH CORE Certification Policies (Phase I, Phase II, Phase III, & Phase IV), CAQH will complete its review of the application and processing of the paperwork in no more than 30 business days. All organizations will be informed of their queue status at the time of submission if CAQH has a large number of applications.

15. What entities are CORE-certified?

See the CORE Certification lists for further information.

16. For CORE-certified vendors, how can I find out what product is certified?

See the list of pending and currently CORE-certified entities/products which specifically lists vendor product CORE Certification.

17. Can I put the CORE Certification Seal up on my organization’s website?

Yes. After processing your CORE Certification application, CAQH CORE will send you an electronic copy of your CORE Certification Seal for the appropriate phase for which certification has been achieve. This Seal can be used in your communication tools/materials. Please refer to the CAQH CORE Marketing Guidelines for more information.