Frequently Asked Questions - CAQH CORE Connectivity Rule vC4.0.0 -- SOAP Requirements

The CAQH CORE Connectivity Rule vC3.1.0 already specifies requirements for SOAP, what requirements are different in the CAQH CORE Connectivity Rule vC4.0.0 SOAP requirements?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:30
The CAQH CORE Connectivity Rule vC3.1.0 already specifies requirements for SOAP, what requirements are different in the CAQH CORE Connectivity Rule vC4.0.0 SOAP requirements?

The CAQH CORE Connectivity Rule vC4.0.0 SOAP requirements build upon the CAQH CORE Connectivity Rule vC3.1.0 and includes the following updates:

  • Sunset of requirements that specify the use of SSL 3.0.
  • Updated requirements to specify the use of TLS 1.2 or higher.
  • Addition of requirements to support OAuth 2.0 as an authorization standard with continued support of X.509 Digital Certificate as an authentication method.
  • Addition of new Real Time and Batch interaction patterns to support attachment transaction.
     
Back to Top
The CAQH CORE Connectivity Rule vC4.0.0 SOAP Requirements specifies support for both authentication and authorization, does my organization have to implement both methods?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:31
The CAQH CORE Connectivity Rule vC4.0.0 SOAP Requirements specifies support for both authentication and authorization, does my organization have to implement both methods?

The CAQH CORE Connectivity Rule vC4.0.0 SOAP requirements specify that all HIPAA-covered entities and their agents, including health plans and providers, to support the use of X.509 Digital Certificates for authentication. The CAQH CORE Connectivity Rule vC4.0.0 SOAP requirements specify that HIPAA-covered health plans and their agents must support OAuth 2.0 for authorization. HIPAA-covered providers and their agents have the option to use OAuth 2.0 for authorization, but use is not required by the rule.

Back to Top