Frequently Asked Questions - CAQH CORE Connectivity Rule vC4.0.0 -- REST Requirements

The CAQH CORE Connectivity Rule vC4.0.0 REST Requirements specify both authentication and authorization, does my organization have to implement both methods?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:32
The CAQH CORE Connectivity Rule vC4.0.0 REST Requirements specify both authentication and authorization, does my organization have to implement both methods?

Yes. All HIPAA-covered entities and their agents, including health plans are required to support both authentication and authorization rule requirements for REST exchanges. The CAQH CORE Connectivity Rule vC4.0.0 REST requirements specify that entities must support X.509 Digital Certificates for authentication and OAuth 2.0 for authorization.

Back to Top
Do the CAQH CORE Connectivity Rule vC4.0.0 REST requirements for API Endpoints pertain to internal or external API to API exchanges?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:33
Do the CAQH CORE Connectivity Rule vC4.0.0 REST requirements for API Endpoints pertain to internal or external API to API exchanges?

The CAQH CORE Connectivity Rule vC4.0.0 REST requirements pertaining to API endpoints refer to external API endpoints only. They do not apply to internal API to API exchanges.

 

Back to Top
How and when will the next CAQH CORE Connectivity Rule version and REST API version be determined?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:33
How and when will the next CAQH CORE Connectivity Rule version and REST API version be determined?

CAQH CORE Connectivity Rule versions are updated when revisions are made to the rule. These updates follow the official CAQH CORE Change and Maintenance Process which specifies that when updates are applied, CAQH CORE will notify the industry. REST API versions are determined by the server; usually, new versions are assigned with updates to Endpoint Paths or requirements.

Figure #4.3.1: Informative Example for REST API URI Path Versioning

Figure #4.3.1: Informative Example for REST API URI Path Versioning

Back to Top
Why don’t Request and Response transactions have unique individual endpoints?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:35
Why don’t Request and Response transactions have unique individual endpoints?

A REST API is a single conversational thread and uses the same endpoint for the data transactions.
 

Back to Top
What endpoint(s) should be used when exchanging a non-X12 payload, such as a HL7 C-CDA over REST?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:36
What endpoint(s) should be used when exchanging a non-X12 payload, such as a HL7 C-CDA over REST?

The CAQH CORE Connectivity Rule vC4.0.0, including the REST requirements, is payload agnostic and as such, it supports non-normative endpoint(s) for non X12 payloads (e.g., HL7_CDA_R2, HL7_C-CDA, .pdf, .txt, .jpeg, etc.). This enables the rule to support a variety of data types and allows capability with existing and emerging standards. As the industry continues to evolve, this rule may be updated to include normative non-X12 Payloads.

Back to Top
Why is JSON the standard included in this rule to exchange data using REST?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:37
Why is JSON the standard included in this rule to exchange data using REST?

JSON is commonly identified as the industry standard for REST. The CAQH CORE Connectivity Rule vC4.0.0 REST requirements do not preclude entities from supporting other formats, such as the XML format for REST implementations; however, they would not be conformant to these rule requirements.

Back to Top
Why doesn’t the CAQH CORE Connectivity Rule vC4.0.0 include all possible HTTP Status and Error codes in the REST requirements?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:37
Why doesn’t the CAQH CORE Connectivity Rule vC4.0.0 include all possible HTTP Status and Error codes in the REST requirements?

The list of HTTP Status and Error Codes is a normative reference tool, not a comprehensive list. The CAQH CORE Connectivity Rule vC4.0.0 REST requirements do not intend to specify the codes required; it only provides examples of codes that could be used. Organizations should be prepared to accept the error codes included in the rule and Status Codes for errors that are defined and maintained by the standards organizations (e.g., Internet Assigned Numbers Authority). Information to determine who to contact for a resolution and guides providing clear descriptions of the codes is out the scope for this rule.

Back to Top
Why is there not Tracking of Date and Time and Payload that allows unique identifiers to be used and exchanged in addition to timestamps within the CAQH CORE Connectivity Rule vC4.0.0 REST Requirements?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:38
Why is there not Tracking of Date and Time and Payload that allows unique identifiers to be used and exchanged in addition to timestamps within the CAQH CORE Connectivity Rule vC4.0.0 REST Requirements?

Similar to prior versions of CAQH CORE Connectivity Rules, the requirements in the CAQH CORE Connectivity Rule vC4.0.0 REST Requirements represent a floor and not a ceiling in terms of what organizations can implement. As such, entities may choose to collect additional metadata for tracking and auditing purposes such as identifiers for tracking of date and time and payload.

Back to Top
When implementing the CAQH CORE Connectivity Rule REST Requirements, which HTTP Methods is my organization required to support?

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:38
When implementing the CAQH CORE Connectivity Rule REST Requirements, which HTTP Methods is my organization required to support?

At a minimum, the CAQH CORE Connectivity Rule vC4.0.0 REST Requirements specify that entities must support the use of HTTP Methods GET and POST but allows entities to use additional HTTP Methods (e.g., PUT, PATCH, DELETE, etc.).

 

Back to Top
The CAQH CORE Connectivity Rule vC4.0.0 REST Requirements define specific metadata that should be included as part of a RESTful exchange. My organization currently supports additional metadata not addressed by the rule, such as Levels and Destination

Submitted by kcooper@caqh.org on Fri, 02/18/2022 - 14:39
The CAQH CORE Connectivity Rule vC4.0.0 REST Requirements define specific metadata that should be included as part of a RESTful exchange. My organization currently supports additional metadata not addressed by the rule, such as Levels and Destination ID, can we continue to support these?

Yes. The CAQH CORE Connectivity Rule vC4.0.0 REST Requirements minimally specify metadata elements to establish a foundation for the industry. Entities may go above and beyond to implement or require support for additional metadata elements to support specific business needs as agreed upon by trading partners.

Back to Top