Yes. The CAQH CORE Connectivity Rule vC4.0.0 REST Requirements minimally specify metadata elements to establish a foundation for the industry. Entities may go above and beyond to implement or require support for additional metadata elements to support specific business needs as agreed upon by trading partners.

At a minimum, the CAQH CORE Connectivity Rule vC4.0.0 REST Requirements specify that entities must support the use of HTTP Methods GET and POST but allows entities to use additional HTTP Methods (e.g., PUT, PATCH, DELETE, etc.).

Similar to prior versions of CAQH CORE Connectivity Rules, the requirements in the CAQH CORE Connectivity Rule vC4.0.0 REST Requirements represent a floor and not a ceiling in terms of what organizations can implement. As such, entities may choose to collect additional metadata for tracking and auditing purposes such as identifiers for tracking of date and time and payload.

The list of HTTP Status and Error Codes is a normative reference tool, not a comprehensive list. The CAQH CORE Connectivity Rule vC4.0.0 REST requirements do not intend to specify the codes required; it only provides examples of codes that could be used. Organizations should be prepared to accept the error codes included in the rule and Status Codes for errors that are defined and maintained by the standards organizations (e.g., Internet Assigned Numbers Authority).

JSON is commonly identified as the industry standard for REST. The CAQH CORE Connectivity Rule vC4.0.0 REST requirements do not preclude entities from supporting other formats, such as the XML format for REST implementations; however, they would not be conformant to these rule requirements.

The CAQH CORE Connectivity Rule vC4.0.0, including the REST requirements, is payload agnostic and as such, it supports non-normative endpoint(s) for non X12 payloads (e.g., HL7_CDA_R2, HL7_C-CDA, .pdf, .txt, .jpeg, etc.). This enables the rule to support a variety of data types and allows capability with existing and emerging standards. As the industry continues to evolve, this rule may be updated to include normative non-X12 Payloads.

A REST API is a single conversational thread and uses the same endpoint for the data transactions.
 

CAQH CORE Connectivity Rule versions are updated when revisions are made to the rule. These updates follow the official CAQH CORE Change and Maintenance Process which specifies that when updates are applied, CAQH CORE will notify the industry. REST API versions are determined by the server; usually, new versions are assigned with updates to Endpoint Paths or requirements.

The CAQH CORE Connectivity Rule vC4.0.0 REST requirements pertaining to API endpoints refer to external API endpoints only. They do not apply to internal API to API exchanges.

Yes. All HIPAA-covered entities and their agents, including health plans are required to support both authentication and authorization rule requirements for REST exchanges. The CAQH CORE Connectivity Rule vC4.0.0 REST requirements specify that entities must support X.509 Digital Certificates for authentication and OAuth 2.0 for authorization.