1. The CAQH CORE Connectivity Rule vC4.0.0 SOAP Requirements specifies support for both authentication and authorization, does my organization have to implement both methods?
The CAQH CORE Connectivity Rule vC4.0.0 SOAP requirements specify that all HIPAA-covered entities and their agents, including health plans and providers, to support the use of X.509 Digital Certificates for authentication. The CAQH CORE Connectivity Rule vC4.0.0 SOAP requirements specify that HIPAA-covered health plans and their agents must support OAuth 2.0 for authorization. HIPAA-covered providers and their agents have the option to use OAuth 2.0 for authorization, but use is not required by the rule.