Certification: ACA Section 1104 Certification, CORE Certification, Proposed CORE HIPAA Credential, and CORE Endorsement

II. Introduction to CORE Certification

A. CORE Certification: Overview & Policies

ii. CORE Certification Policies

1. Why would an organization have to re-certify for a CORE phase for which it had previously been CORE-certified?

CORE re-certification will be required if an organization’s CORE Certification Seal is revoked. Such a revocation would result from a validated complaint of non-conformance against a CORE-certified organization following CAQH CORE’s review of a submission of a Request for Review of Possible Non-Compliance Form. See the appropriate CAQH CORE Enforcement Policy for Phase I, Phase II, Phase III, or Phase IV, respectively, for more information.

The only exception to CAQH CORE’s re-certification policy is CORE-certified vendors. If a vendor issues an upgraded/new version of their CORE-certified product, and this product includes a major change to the transactions applicable to the product’s CORE Certification (e.g., addition of eligibility) the vendor will need to undergo re-certification for that product.

2. My company is seeking CORE Certification but has many subsidiaries. Do they all have to be conformant with the CAQH CORE Operating Rules?

Per the CAQH CORE policies on certification, a parent corporation seeking CORE Certification will not be certified unless all subsidiaries of the corporation are in conformance with the CAQH CORE Operating Rules. Otherwise, each subsidiary of the parent must individually seek certification and thus would receive its own CORE Certification Seal for the appropriate phase of CAQH CORE Operating Rules.

Vendors must complete the CORE Certification process and pay the required fee for each product they want to be CORE-certified. For vendors, CORE Certification will apply only to vendor products rather than to corporate entities.

3. What happens if an entity that is not CORE-certified buys a CORE-certified entity?

Per the CAQH CORE policies on certification (see Phase I, Phase II, Phase III, and Phase IV), if a CORE-certified entity is acquired by an entity that is not CORE-certified, the acquiring company will only be allowed to be CORE-certified if the acquired company is the only business that is applicable to the CAQH CORE Operating Rules. Or, if the acquired company continues to operate as a separate subsidiary, it may retain its CORE Certification. If this is not the case, then the newly merged company will be required to seek certification. 

4. Who can file a complaint of non-conformance with the CAQH CORE Operating Rules against a CORE-certified organization?

Under the CORE Certification program, two types of organizations may file a complaint of non-conformance with CAQH CORE against a CORE-certified organization:

  • Any healthcare provider that is an end-user of a CORE-certified product/service may lodge a complaint against a CORE-certified organization if the provider believes the CORE-certified organization is not conforming to the CAQH CORE Operating Rules. The complaint must be made by submitting a CAQH CORE Request for Review of Possible Non-Compliance Form to CAQH CORE. See the appropriate CAQH CORE Enforcement Policy (Phase I, Phase II, Phase III, or Phase IV) for more information.
  • Beyond provider end-users, CORE-certified organizations involved in the alleged non-conformant transactions may file a complaint, e.g., vendors, health plans, etc.
5. What happens if a CORE-certified company believes that a CORE-certified trading partner is not conforming to the CAQH CORE Operating Rules?

Under the CAQH CORE Enforcement Policies, CORE-certified organizations are encouraged to privately resolve disputes before submitting a formal complaint of possible non-conformance to CAQH CORE. CAQH CORE enforcement is a complaint-driven process that requires documentation (electronic or paper) demonstrating multiple instances of non-conformance with the CAQH CORE Operating Rules at the specific phase of CORE Certification.  Please see the CAQH CORE Enforcement Policy for Phase IPhase II, Phase III, or Phase IV for further details.

6. What happens if an organization becomes de-certified?

If a CORE-certified entity is found to be in actual violation of a CAQH CORE Operating Rule(s) and the violation is not remedied per the CAQH CORE enforcement timeline, the entity’s certification will be terminated and its name removed from the CAQH CORE website. De-certified organizations are entitled to seek re-certification by re-completing the CORE Certification process and paying all required fees again. De-certified entities can no longer use the CORE Certification Seal and the entity’s name will be removed from all CAQH CORE listing of CORE-certified entities.

7. Is the CAQH CORE complaint process for CORE-certified entities confidential?

Yes. Complaints filed against CORE-certified entities will not be publicly released by CAQH CORE. The information will only be used and disclosed by CAQH CORE for its review with the CAQH CORE Enforcement Committee and with the CORE-certified entity that is the respondent to the complaint.

However, if any entity is found to be in actual violation of a CAQH CORE Rule, their CORE Certification will be terminated and their name removed from the CAQH CORE website if the complaint is not remedied per the CAQH CORE Enforcement Policy timeline.

8. What is the CAQH CORE Enforcement Committee?

The CAQH CORE Enforcement Committee, composed of a diverse group of CORE Participants, reviews verified complaints of non-conformance against CORE-certified entities and is responsible for providing any extension to the grace period to remediate an issue. Enforcement Committee members will be appointed by the CAQH CORE Board from nominations made by the CORE Participants.

9. What is the CAQH CORE Health Plan IT System Exemption Policy?

The CAQH CORE Health Plan IT System Exemption Policies (Phase I Version 1.1.0, Phase II Version 2.1.0, Phase III Version 3.0.0, and Phase IV Version 4.0.0) allow a health plan seeking CORE Certification to request that a scheduled migration of an existing IT system(s) that represents less than 30 percent of a payer’s market share be exempt from being CORE conformance only if the remainder of the health plan’s IT systems are CORE conformant. The policy requires the new IT system to be CORE conformant by the end of the exemption period, which lasts for 12 months.

10. What criteria must be met for a health plan to be eligible for an exemption under the CAQH CORE Health Plan IT System Exemption Policy?

 

Any health plan seeking an exemption under the CAQH CORE Health Plan IT System Exemption Policy must meet the following criteria:

  • No more than 30 percent of a health plan’s total membership can be processed by the IT system(s) to be covered by the exemption.
  • Migration must be scheduled for completion no later than 12 months from the date of when the health plan is granted CORE Certification.

See the CAQH CORE Health Plan IT System Exemption Policy (Phase I, Phase II, Phase III, or Phase IV) and CAQH CORE Health Plan IT Exemption Request Form for more information.